▲ 35 r/Monero
[PSA] Haveno TradeProtocol exploit
A live instance of the Haveno software (RetoSwap) is affected. Details of the exploit from Haveno dev woodser are as follows: "when the attacker took a trade, they sent a fake, out-of-order ACK message impersonating the arbitrator, causing the software to update the arbitrator's node address to their own, allowing them to create a compromised multisig wallet before funds were deposited. preventing this is straightforward, by checking that the multisig wallet is already created before updating the arbitrator's address: https://github.com/haveno-dex/haveno/pull/2315".
It's not yet clear exactly how much Monero has been stolen. Haveno network operators are strongly advised to halt trading, which RetoSwap has done.
u/plowsof — 1 day ago
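
A simplified model of the ordering check described in the quote above, as an added example that is not part of the original post and is not Haveno's code. The `Trade`, `Ack`, `handle_ack` and `run` names and the sample addresses are hypothetical; the model only shows why an address update accepted before multisig creation changes who the wallet is set up with.

```python
from dataclasses import dataclass, field

@dataclass
class Ack:
    sender: str        # node address the ACK arrived from
    claimed_role: str  # role the sender claims; unauthenticated in this model

@dataclass
class Trade:
    arbitrator: str             # node address currently trusted as arbitrator
    multisig_peers: tuple = ()  # empty until the multisig wallet is created
    dropped: list = field(default_factory=list)

    def create_multisig(self, maker: str, taker: str) -> None:
        # Setup is done with whatever arbitrator address is stored *now*.
        self.multisig_peers = (maker, taker, self.arbitrator)

def handle_ack(trade: Trade, ack: Ack, guarded: bool = True) -> bool:
    """Process an ACK; return True if the stored arbitrator address changed."""
    if ack.claimed_role != "arbitrator" or ack.sender == trade.arbitrator:
        return False
    if guarded and not trade.multisig_peers:
        # The check described in the post: no address update before the
        # multisig wallet exists. Keep the message for investigation.
        trade.dropped.append(ack)
        return False
    trade.arbitrator = ack.sender
    return True

def run(guarded: bool) -> Trade:
    # Constructed sample addresses, not real nodes.
    trade = Trade(arbitrator="arbitrator.example:9999")
    early = Ack(sender="unknown.example:9999", claimed_role="arbitrator")
    handle_ack(trade, early, guarded)  # arrives out of order, before setup
    trade.create_multisig("maker.example:9999", "taker.example:9999")
    return trade

if __name__ == "__main__":
    for guarded in (False, True):
        t = run(guarded)
        print(f"guarded={guarded}: multisig arbitrator={t.multisig_peers[2]}, "
              f"dropped={len(t.dropped)}")
```
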