Hacker exploits flaw in decentralized bitcoin exchange Bisq to steal $250K

Bisq, a non-custodial exchange, uncovered a critical vulnerability that enabled an attacker to withdraw more than $250,000 of user funds held mostly in monero (XMR). A recent upgrade to the protocol added the vulnerability which allowed the attacker to set the default address in case a transaction fails to their own. They were then able to initiate a trade and wait for it to fail to then receive the buyer's payment and security deposit.

Why it matters - Decentralized financial applications have experienced a number of failures this year resulting in the loss of funds. With each additional incident, users are going to become increasingly wary of holding money on non-custodial venues as they prove to be no safer than their centralized counterparts. - Cryptocurrency users tend to be acutely aware of their financial privacy which is where privacy coins like monero gain their value proposition. However, since they mask transactions they are also a prime target for theft as the attacker does not have to worry about being traced.