Decentralized crypto exchange Bisq halts trading due to ‘critical security vulnerability’

UPDATE: 10:15 A.M. EDT: In subsequent blog post, the Bisq team said that "about 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital."

The team went on to explain:"We are aware of approximately 3 BTC and 4000 XMR stolen from 7 different victims. This is the situation as we know it so far. The only market affected was the XMR/BTC market, and all affected trades occured over the past 12 days."

That figure equates to roughly $245,000 at current market prices for bitcoin and monero.

Bisq has also published a security vulnerability fix, adding on Twitter that "in-app alerts are going out now."

Decentralized or non-custodial cryptocurrency exchange Bisq has halted trading until further notice due to a “critical security vulnerability.”

Announcing the news on Tuesday, Bisq said it has used the alert key to "temporarily disable trading."

"Bisq is a proper distributed peer-to-peer network. So you can override the latest alert key functionality that blocks trading. But we highly discourage you from doing this for your own security," said the exchange.

Bisq is expected to release an update of its application “within a few hours.” In the meantime, the exchange has advised users not to send any funds to a counter-party if they active trades.

“Until v1.3.0 is released, existing trades cannot be completed. Please hold tight. Of course, because of Bisq’s security model, your funds are not at risk,” said the exchange.

Bisq is an open-source, peer-to-peer application that allows users to buy and sell cryptocurrencies in exchange for national currencies.