
The Bisq trade protocol uses a 2-of-2 multisig where both the maker and taker hold keys. An exploit in the trade protocol itself (not the keys, but the coordination mechanism) can allow a malicious counterparty to steal from trades in progress.

Immediate steps for Bisq users:

  1. Do not initiate new trades until further notice
  2. Trades already in "awaiting deposit" state are at risk — watch for the BSQ bond mechanism details from the Bisq team
  3. If you have BTC locked in a pending trade, do not release BTC without the full trade confirmation flow completing correctly

The broader lesson: P2P DEX security is not just about key security. The coordination protocol between peers is also an attack surface. Bisq's design minimizes trust but does not eliminate it at the protocol coordination layer.

Follow the Bisq community link for official updates. The investigation is ongoing.
