The Haveno protocol was attacked again, and RetoSwap urgently announced a suspension of trading


RetoSwap disclosed on X on June 17 that the team received reports that the Haveno trading protocol was being actively exploited via a vulnerability. The team immediately suspended trading and blocked the attackers’ onion addresses. RetoSwap confirmed that the team itself was not compromised; the vulnerability was at the Haveno protocol layer. Losses were expected to be limited to limit orders involving large amounts of cryptocurrency, with fiat traders unaffected. Trading will resume after the protocol is repaired and a patch is released.

Attack details and response measures on June 17

According to RetoSwap’s official statement on the X platform, the confirmed response measures are as follows: the minimum client version was immediately set to 2.0.0 (trading was paused via the filtering function); the attackers’ onion address has been blocked.

RetoSwap confirmed: “The damage seems to be limited to large-scale cryptocurrency quotes, and fiat traders are not affected.” It also stated that anyone with an outstanding trade whose counterparty is the blocked onion address should not pay. Affected traders can contact the team via the “Chat with Admin” function in the RetoSwap SimpleX group.

Data and technical mechanism of the previous attack, disclosed May 21

Based on RetoSwap’s May 21 disclosure and PeckShield’s statistics, the loss was confirmed to be about 7,000 XMR (about $2.7 million). Haveno’s lead developer woodser reported at the time that the protocol was under attack, and RetoSwap took the same response measures as in this incident.

The confirmed technical method of the May attack: the attacker sent forged ACK messages impersonating the arbitrator and changed the node address to one controlled by the attacker. This set up a compromised multisig wallet before funds were deposited and enabled the illicit transfer of funds.
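The check that a forged arbitrator ACK has to fail can be sketched as follows. This is an added example, not Haveno or RetoSwap code and not the actual patch: the `Trade` and `Ack` shapes, the Ed25519 signature over the trade ID and sender address, and the placeholder onion names are all assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Trade is what a trader pinned when the trade opened (hypothetical shape).
type Trade struct {
	ID, ArbitratorAddr string
	ArbitratorKey      ed25519.PublicKey
}
// Ack is a hypothetical acknowledgement claiming to come from the arbitrator.
type Ack struct {
	TradeID, SenderAddr string
	Sig                 []byte
}

func payload(id, addr string) []byte { return []byte("ack|" + id + "|" + addr) }
// SignAck builds an ACK signed with priv over the trade ID and sender address.
func SignAck(priv ed25519.PrivateKey, id, addr string) Ack {
	return Ack{id, addr, ed25519.Sign(priv, payload(id, addr))}
}

// AcceptAck rejects any ACK that is not bound to the pinned arbitrator identity.
func AcceptAck(t Trade, a Ack) error {
	if a.TradeID != t.ID {
		return errors.New("ack is for a different trade")
	}
	if a.SenderAddr != t.ArbitratorAddr {
		return errors.New("ack would change the arbitrator node address")
	}
	if !ed25519.Verify(t.ArbitratorKey, payload(a.TradeID, a.SenderAddr), a.Sig) {
		return errors.New("signature does not match the pinned arbitrator key")
	}
	return nil
}

// Scenarios runs three constructed ACKs: genuine, swapped address, forged signature.
func Scenarios() (genuine, swapped, forged error) {
	arbPub, arbPriv, _ := ed25519.GenerateKey(nil)
	_, evilPriv, _ := ed25519.GenerateKey(nil) // stands in for a key the arbitrator never held
	t := Trade{"trade-1", "arbitrator-example.onion:9999", arbPub} // constructed values
	genuine = AcceptAck(t, SignAck(arbPriv, t.ID, t.ArbitratorAddr))
	swapped = AcceptAck(t, SignAck(evilPriv, t.ID, "other-example.onion:9999"))
	forged = AcceptAck(t, SignAck(evilPriv, t.ID, t.ArbitratorAddr))
	return
}
func main() { fmt.Println(Scenarios()) }
```

Only the genuine ACK is accepted; the one carrying a different node address and the one signed by a key other than the pinned arbitrator key are both rejected before any multisig setup would proceed.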

FAQ

Does the Haveno protocol vulnerability affect the security of RetoSwap’s own infrastructure?

Based on RetoSwap’s confirmed statements in both incidents, the RetoSwap team was not compromised. The vulnerability originated from a flaw in the Haveno trading protocol itself, not from RetoSwap’s platform systems.

Which users are affected by the June attack?

According to RetoSwap’s confirmation, the losses are expected to be limited to “limit orders involving large amounts of cryptocurrency,” and fiat traders are confirmed to be unaffected. Affected users can contact the team for assistance via the “Chat with Admin” function in the SimpleX group.

How should users with ongoing trades on RetoSwap respond?

According to RetoSwap’s emergency announcement, if a user has any outstanding trade(s) with the attacker onion address fg2lhfhgjrfz4oywqy2mfwfehhqsjse6wyrtdczsrhtves2jofi2qpad.onion:9999, they should immediately stop payment. Trading will resume after the Haveno protocol is fully repaired and the patch is released, but the specific time has not been announced.
