Decentralized Bitcoin exchange Bisq was hit by a targeted exploit, leading to the theft of approximately 11 BTC from user wallets. The attack adds to a record month of crypto hacks and has prompted the Bisq community to formulate a compensation plan for affected users. The incident underscores the persistent security vulnerabilities plaguing the decentralized finance sector.
The decentralized Bitcoin trading protocol Bisq suffered a targeted exploit on May 3, resulting in the theft of approximately 11 BTC from active trade offers and prompting a community-led compensation plan.
"The attack exploited a flaw in how trade offers were processed, allowing the attacker to steal funds directly from users with active offers," a Bisq contributor known as 'Emzy' said in a forum post detailing the incident.
The theft of 11 BTC, valued at approximately $726,000 at current prices, adds to what has been the worst month on record for crypto exploits. According to data from security firm CertiK, April saw more than $651 million stolen across 29 separate incidents, rattling confidence in the decentralized finance space.
The Bisq exploit highlights a persistent trend of security risks that have pushed capital out of DeFi, with total value locked in the sector down roughly 30% over the last 12 weeks, according to data from DefiLlama. The community's response and the structure of the forthcoming compensation plan will be critical for the platform to retain user trust and trading volume.
Details of the compensation plan are still under discussion by the Bisq DAO, with no final terms announced as of 18:00 UTC, May 3. The incident follows a string of high-profile DeFi exploits in April, including a $292 million breach at KelpDAO and a nearly $285 million hack of the Drift protocol, which have contributed to a significant capital rotation out of the sector.
The wave of exploits has had a chilling effect on the broader ecosystem, with Ethereum’s validator exit queue swelling to over 433,000 ETH as users withdraw from restaking protocols. On-chain analyst Checkmatey noted the trend, commenting that "capital leaving all forms of ‘defi’ because the risk is heavily skewed towards a zero return OF capital."
While Bisq is a non-custodial platform, meaning it does not hold user funds directly, the exploit targeted a vulnerability in its trade protocol, allowing the attacker to drain funds from users engaged in trades. The platform's developers have since patched the vulnerability.