Vulnerability in Bisq found and disclosed

Haveno Core Team | 07 Jul 2021

In July 2021, while Haveno was in its infancy, we found a critical vulnerability in Bisq.

This issue allowed an attacker to harvest user payment information on Bisq. The information included:

All of this data could have been harvested at no cost to the attacker. We don’t know how long Bisq had this vulnerability or whether it was exploited. We know that it was probably not exploited at a large scale, or Bisq’s support team would have noticed a spike in support tickets.

We reported the vulnerability to Bisq and helped them patch it. They then released a patched version of their software (v1.7.0), which fixed the problem.

The disclosure on Haveno’s Twitter:

The disclosure on Bisq’s Twitter:

