Filters

Clear all

Service Events Timeline

  1. Active incidents
  2. Low incident

    Trading halted | security issues are being patched

    Ongoing since

    On July 1st 11:15 AM, Bisq has issued a notice stating that trading on Bisq 1 has been halted. A security audit has identified several issues that are currently being patched and the network has been halted as a precautionary measure. Existing trades are unaffected and can be completed normally. RetoSwap admins have recieved information that both their service and the underlying Haveno code are unaffected by these issues. An update will be provided within 24 hours and shared on Matrix, Reddit, and Telegram. Additional updates may also be published on X and Nostr.

  3. Critical incident

    June 2026 server breach: ~200 XMR stolen

    Ongoing since

    On June 8, 2026, OpenMonero was breached again, less than three weeks after the May exploit. An attacker gained root access at the server level, not the application, and took roughly 200 XMR (about $63,000), which the operator said was all platform funds.

    The operator then reported the funds as lost and has not committed to reimbursing victims. This is the platform's third funds-loss incident in twelve months.

  4. High incident

    Exolix API exposed ~$39.5M of swap history

    Ongoing since

    A security researcher found that Exolix's partner API used unscoped JWT keys with no rate limiting or IP restrictions, which let anyone dump full swap histories. The exposed data covered roughly 355,000 transactions and $39.5M in volume from January 2025 to May 2026: deposit and withdrawal addresses, on-chain hashes, amounts, rates, and timestamps.

    For a no-KYC swapper, this links addresses and undoes the privacy users came for. After the disclosure, Exolix called the open access "a feature, not a bug," added WAF rules, and left the underlying flaw in place.

  5. Medium incident

    Exit IP Fingerprinting vulnerability found | Patch rollout in progress

    Ongoing since

    A security researcher found a vulnerability in the way Mullvad servers assign exit IP addresses to user devices, allowing websites to fingerprint the same user accessing them through different servers. Changing servers has been rendered useless for unlinkability purposes. Mullvad has acknowledged the vulnerability in a blog post and is currently patching its servers to mitigate the issue. Here is a list of the servers that have been patched.

  6. Medium incident

    Unresolved reports of withheld large swaps

    Ongoing since

    Multiple users report large swaps withheld for months without resolution: a ~700 XMR case on Bitcointalk, plus a 391 XMR swap and other large holds on BestChange through April 2026. Swapter cites liquidity and security checks and answers small swaps quickly, but the big cases stay unrefunded, sometimes marked "solved" while the funds remain stuck. Small, fast swaps are consistently reviewed well. Treat Swapter with caution for large amounts: test small, keep records, and avoid committing significant sums until these reports clear.

  7. Ongoing events
  8. Possible hidden fees | Act with caution

    Ongoing since

    A user on the OrangeFren SimpleX group has stated that Swapuz charged him a previously undisclosed additional hidden fee for conducting a 'high-risk' transfer. OrangeFren stepped in and negotiated a refund on behalf of the user. If the amount after the trade differs significantly with the one stated beforehand, we encourage you to talk to their support and to let us know. Executing the trade through an aggregator with a guarantee is highly recommended.

  9. Service paused

    Ongoing since

    Due to security concerns over upstream code quality, the Dawnswap admins have decided to pause the service and halt all trading until a more stable Haveno version is released or a third party security audit is performed on the Haveno codebase. They have expressed willingness to partially fund such audit if there is also interest from other Haveno instances in doing so.

  10. Suspicious promotion via compromised subreddit

    Ongoing since

    r/AskMonero shows clear signs of compromise, Fujn Swap is being promoted in posts there.

    Users should exercise extreme caution with any amounts and avoid relying on the subreddit for advice.

  11. Website is down

    Ongoing since

    Both robosats.org and its onion site are down. We are monitoring the issue for future updates. You can try using some of the secondary onion addresses in the meantime.

  12. Compliance procedures update

    Ongoing since

    Due to recent sanctions-related developments involving Huobi/HTX, funds originating from Huobi will be suspended by the service and will be subject to additional verification.

  13. New beta available for testing

    Ongoing since

    xChange.me announced a new beta software available at https://beta.xchange.me and https://nojs.xchange.me for Tor usage. In the beta period, lasting between one to three months, there will be a 1% fee in the new sites for XMR and BTC to encourage testing.

  14. Admin vanished

    Ongoing since

    MajesticBank admin has not been seen online since the service shut down. The admin did refund some users on the day of the incident, but it seems like he won't come back online. Many users still have pending refunds and have been left unanswered. For this reason, we are marking MajesticBank as scam until further updates.

  15. Service is down

    Ongoing since

    Service is down, all of their sites are offline. This could potentially be an exit scam, however there seems to be no reports of any affected user.

  16. Earlier
  17. Advertises below market rates | Possible exit scam

    From to

    According to the swap service directory OrangeFren, Bitania has been advertising swaps with below market rates. This can indicate a possible exit scam.

  18. Attribute added

    Attribute "Identity-Free registration" was added to Baltex

  19. Attribute added

    Attribute "May Freeze or Seize Funds " was added to Baltex

  20. Attribute added

    Attribute "Transaction monitoring" was added to Baltex

  21. Attribute added

    Attribute "Data Sharing" was added to Baltex

  22. Attribute added

    Attribute "Non-custodial protocol" was added to Baltex

  23. Description update

    Description was updated

  24. Android app v1.0.7 released | update encouraged

    A new version of the RetoSwap Android app has been released, making this release compatible with Haveno v1.8.0. It also adds Zcash support and brings the ability to use stablecoin market value when making an offer, besides small UX improvements. Since this release is compatible with Haveno v1.8.0, the one containing the security enhancements, Android users are strongly encouraged to update.

  25. Version 0.16.6 released with multiple security improvements | update recommended

    BSX Core 16.6 has been released, with substantial hardening done to the fund-safety verification process. Notable security improvements include stronger lock-amount verification, symmetric refund-signature verification, smarter swap-type defaults, automatic chain-fee-rate validation and subfee bids.

  26. Attribute added

    Attribute "Some countries are restricted" was added to sideshift.ai

  27. Call for password reset +2FA

    Following the latest hack, the OpenMonero admin has issued a new update, having reset all user 2FA tokens and urging them to change passwords and settlement wallet addresses. Users who registered between April 12 and May 22 are encouraged to open a support ticket. A new Session Notification Bot has also been created, while users have been told to block the old one.

  28. Trading has resumed

    After more than a month offline, trading has resumed on THORChain. v3.19.1 shipped with new protocol patches. The release has bundled two things: patches to the KeyVerify process, and a fix for a Gaia (Cosmos Hub) bug the team wanted to patch before bringing those nodes back to the chain tip. XMR integration is expected to go live one month from now.

  29. Medium incident

    Haveno vulnerability confirmed | Pause all trading

    From to

    Haveno lead developer woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. Since Dawnswap is built on top of Haveno, it is vulnerable to the same exploit. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. The admins have issued a message in their SimpleX group asking users to cancel all offers and conclude trading, though its unclear if they have taken the service offline. A user has reported a small loss of funds in the Haveno Matrix room, but the Dawnswap admins claim not to have received any such refund request. They remain open to check the issue if contacted though.

    If you are running Dawnswap, revoke all offers and refrain from trading.

  30. Currency update

    Added currencies: LIGHTNING

  31. Attribute added

    Attribute "Potential risk" was added to Fujn Swap

  32. Attribute removed

    Attribute "No registration needed" was removed from Fujn Swap

  33. Attribute removed

    Attribute "Peer to peer market" was removed from Fujn Swap

  34. Attribute removed

    Attribute "Non-custodial wallet" was removed from Fujn Swap

  35. Attribute removed

    Attribute "Good Customer Support" was removed from Fujn Swap

  36. Attribute removed

    Attribute "No KYC after AML check" was removed from Fujn Swap

  37. Medium incident Resolved

    Node exploit drained $10.7M, trading halted

    From to

    On May 15, 2026, a malicious node exploited a flaw in THORChain's threshold-signature scheme to rebuild a vault's signing key and drain about $10.7M from one Asgard vault. The funds were protocol-owned; user swaps and LP positions stayed safe.

    THORChain halted trading, signing, and churning, slashed the attacker's bond, and patched the flaw in v3.18.1 and v3.19.0. Node operators approved the ADR-028 recovery plan, which absorbs the loss through protocol-owned liquidity without minting RUNE or diluting holders. As of mid-June the network runs a staged restart and trading remains paused.

  38. RetoSwap 1.8.0 released | security issue fixed

    Shortly after Haveno lead developer woodser released version 1.8.0, RetoSwap shipped the update, fixing the previously exploited vulnerability and patching other related issues. Additionally, you can now enable passphrase protected offers, where by only users whom you share the passphrase with can take them. Trading can be resumed. Refunds are still pending but are expected to be covered mostly by future trading fees.

  39. Version 1.8.0 released | security issue patched

    Haveno lead developer woodser released a new version of Haveno, fixing the previously exploited security issue and more. The fix also contains passphrase protection for all offer types.

  40. Medium incident Resolved

    Haveno vulnerability confirmed - Trading halted

    From to

    Haveno lead dev woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. RetoSwap and operators were again urged to act cautiously.

    If you are running RetoSwap, revoke all offeers and pause trading. Affected users can reach out to RetoSwap in the RetoSwap SimpleX group via the 'chat with admin' feature.

  41. Medium incident Resolved

    Haveno vulnerability confirmed - Trading halted

    From to

    Haveno lead dev woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. RetoSwap and operators were again urged to act cautiously.

    If you are running RetoSwap, revoke all offeers and pause trading. Affected users can reach out to RetoSwap in the RetoSwap SimpleX group via the 'chat with admin' feature.

  42. v1.10.2 released | update encouraged

    Bisq version 1.10.2 has been released, bringing with it both stronger DAO consensus validation and merit verification. It also improves DAO voting precision and issuance calculations. Finally, it adds protections against invalid consensus states.

  43. Domain change

    Service URLs updated from https://roboex.cc, https://roboex.cx to https://roboex.cc

  44. Fund-loss reports investigated, not reproduced

    From to

    Some users reported sending funds that never arrived in their accounts. We investigated and could not reproduce the problem: two separate test deposits credited correctly and SMS delivery worked. We could not reproduce any loss of funds, and some of the reports appear coordinated.

  45. Service offline

    From to

    This service is offline, without notice from admins

  46. Peach web released

    Peach Bitcoin has released a web app, allowing for seamless use across all platforms. Logging in to the web app is handled by scanning a QR code in the phone app. Transacting on the website is authorized though the mobile app.

  47. Medium incident Resolved

    Exploit in poisoned secret-has atomic swaps | Update to 0.16.4 or higher

    From to

    This exploit enables an attacker running a modified legacy client to under-fund their side of a trade, executing the trade with a lower amount than the one initially agreed upon. A couple of malicious offers have been spotted on the wild. A fix was rolled out with version 0.16.4. BasicSwap has urged its users to update.

  48. Abruptly terminates VPS customers without notice

    From to

    1984.is abruptly shut down the VPS hosting XMRBazaar (a Monero marketplace) on June 6, 2026, citing abuse tickets, mostly DMCA, that XMRBazaar says it never received and had no chance to answer. Service was restored within about a day after review.

    It fits a pattern: 1984 also cut off Hack Liberty in March 2026 after four years. Its terms reserve the right to terminate "with or without notice" at sole discretion, so the action was within policy, but for a host that markets privacy and civil rights, no-notice takedowns over disputed copyright claims drew downgrades from several directories.

  49. Android app passes security assessment

    The Mullvad VPN Android app has successfully passed a security assessment by Leviathan Security Group. The app has updated minor issues in order to more closely align with the Mobile App Profile specification. This is the second year in a row where the app passes the assessment.

  50. Low incident Resolved

    Maker-side ASB bug exploited to grief liquidity providers

    From to

    Before the May 27 patch, eigenwallet's maker-side Automated Swap Backend (ASB) failed to sanity-check the Bitcoin cancel-transaction fee. A malicious taker could propose an absurdly high fee and burn value during a swap, griefing the maker. Regular wallet users and takers were never at risk.

    Attackers used it across four swaps, affecting two market makers and roughly 0.657 BTC. Nothing was stolen: the griefer burned more of their own BTC than they destroyed. eigenwallet shipped fee validation in v4.6.7 within a day and started a reimbursement fund, its donation wallet plus community donations, to cover affected makers in part.

  51. High incident Resolved

    Haveno protocol exploit: ~7,000 XMR stolen

    From to

    On May 20, 2026, attackers exploited a flaw in the Haveno trade protocol that RetoSwap runs on, impersonating the trade arbitrator before funds reached the multisig escrow and draining about 7,000 XMR (~$2.7M) from users mid-trade.

    RetoSwap caught it within minutes, banned the attacker's onion address, halted trading, and pushed a mandatory client upgrade with identity-verification fixes before resuming. The root flaw was in Haveno, an upstream dependency, not RetoSwap's own code.

    The stolen XMR was not recovered, and no reimbursement has been confirmed. Affected users were told to keep their wallet backups in case recovery becomes possible later.

  52. Medium incident Resolved

    May 2026 exploit: ~40 XMR lost

    From to

    On May 21, 2026, an application-layer exploit cost OpenMonero around 40 XMR. The team told users to halt payments (report) and patched the flaw within two days. OpenMonero later reported that it had refunded every affected user in full.

    This was the platform's second funds-loss incident, after the 2025 server breach.

  53. Android app released

    ObscuraVPN now has an official Android client.

  54. Bridge downtime triggered rug-pull claims

    From to

    Wagyu's bridge and UI went down in May 2026, and the outage sparked rug-pull allegations across Reddit and X. The developer clarified that funds were safe and that withdrawals still worked through the Hyperliquid Terminal, and users have since confirmed the bridge keeps working both ways.

    Note: Wagyu runs a centralized bridge, so you are trusting the team to hold and deliver the actual Monero. That counterparty risk stands regardless of this scare.

  55. High incident Resolved

    Bisq v1 protocol exploit: ~11 BTC stolen

    From to

    On May 1, 2026, an attacker exploited a negative miner-fee validation bug in the Bisq v1 trade protocol and took about 11 BTC from roughly 10 users, mostly on altcoin trades.

    Bisq patched the flaw in v1.10.0 two weeks later and published a full post-mortem. The bug never reached the newer Bisq 2 or Bisq Easy protocols.

    The Bisq DAO reimbursed affected users in full, in BTC or BSQ. See the official thread for details.

  56. Owner background

    From to

    The owner is a convicted cybercriminal with a history of DDoS blackmail, extortion, and faking customer reviews.

    (event ended on favor of the verification step warning)

  57. Critical incident Resolved

    Seized domain

    The domain has been seized by the FBI

  58. Service outage

    From to

    The service is down and can't be accessed. We are monitoring the situation.

  59. Service Archival Notice

    From to

    The service appears to be no longer operational. It has been four months since they last had any stock of numbers, and the SMS service has been unreliable. As a result, we are archiving this service. If you are the service owner, please contact us.

  60. Service is down

    From to

    As of 03/18 7AM (UTC), the service is unresponsive

  61. Project renamed to nadanada

    LNVPN has been renamed to nadanada

  62. Absence Due to Family Emergency

    From to

    Trêvoid will be unavailable for two weeks due to a family emergency. All active swaps are closed, and no new requests will be processed during this period. Return is expected once the situation stabilizes.

  63. High incident Resolved

    2025 server breach: ~78 XMR stolen

    From to

    On June 6, 2025, an attacker breached OpenMonero's server, gained root access, and drained the escrowed user and vendor funds, around 78 XMR (Monero Observer).

    OpenMonero disabled trading, updated its firewall, and refunded victims in batches from trading fees over the following months, vendors first. By late December 2025 it claimed every user had been made whole.

    kycnot.me could not independently verify the full refund, and at least one user reported receiving only part of their balance. Treat the recovery as operator-reported.

  64. Critical incident Resolved

    Canadian Police seized TradeOgre

    RCMP has executed a record seizure of more than 56 million dollars in cryptocurrency.

  65. Service unreliable

    From to

    TradeOgre had been offline for over a week. This may indicate a potential exit scam. The issue remains ongoing.

  66. Website down

    From to

    TradeOgre was offline for 12–18 hours, causing speculation of a hack or seizure. Both the main site and API returned connection errors. The platform has not issued a public explanation. The cause remains unconfirmed.

  67. Critical incident

    MajesticBank has shut down

    From to

    MajesticBank has made an official statement that they have shut down operations. If you have a pending or stuck order, contact them on telegram or mail.

  68. Balances were refunded and cards are working again

    XKard team refunded all frozen balances and cards are working again. They are working on a new V3 version too.

  69. Issues with HKD Visa

    From to

    Technical issues with recharge/spending of HK Visa with Apple/Google Pay due to high traffic. XKard assures the funds are safe and are working on the issue.

  70. Rename

    From to

    Unstoppable Swap has been renamed to 'Eigenwallet'

  71. Refunds are being sent

    Some users started reporting they are receiving refunds. If you have a pending transaction with MajesticBank, contact them by email or Telegram within the next 30 days.

  72. Stuck exchanges

    From to

    AVOID using MajesticBank until further notice. Transactions are stuck due to an unresolved issue since 2 days ago, and support is unresponsive.

  73. Service is offline

    From to

    UPDATE 07/20/25: Server was offline due to a fault on BuyVM's end.

    As of the 17th of July, ghostbox.cc seems to be completely down, no ping, no website, bounces when writing to postmaster@ghostbox.cc.

  74. DDoS attack

    At around 10:30 PM EEST, the website started getting attacked with over 720k requests in a couple of minutes.

  75. Currencies Updated

    Added currencies: MONERO

  76. Exit Scam

    The website is no longer accessible. An exit scam meme is showing on the landing page.

  77. Partially on vacations

    Non-urgent tickets, Telegram registration help with British and Irish numbers, confirmation of non-automatic payments (up to 4 hours or till late night).

  78. Service Down

    Clearnet shows a Cloudflare Tunnel error.

  79. Site is down

    The site is no longer accessible. Their telegram channel is also gone.

  80. Potential Service Issues

    From to

    Some users on Dread are reporting issues receiving their funds for large amount trades.

  81. All onion sites are down

    All infinity onion sites seem to be down.

  82. Shut down operations

    eXch has officially shut down operations. For this reason, it has been archived.

  83. Main domain changed to .net

    The main domain changed from exch.cx to exch.net

  84. Delisted

    Vigorswap, which was listed yesterday, has been delisted after a user had an issue with a stuck exchange. I am trying to contact support, but they do not respond. This is an ongoing issue, see the service comment section for new updates.

  85. Listed

    VigorSwap has been listed.

    The exchange has been tested by kycnot.me with a successful trade, attributes have been verified, links have been checked, and ToS/FAQ has been read.

  86. Delisted

    The service has been delisted since it is no longer operational.

  87. Listed

    Vexl has been listed

  88. Updated info

    Cash attribute removed, since it is not accepted

  89. Updated info

    Cash attribute removed, since it is not accepted

  90. Updated info

    The clearnet URL is no longer working, for this reason it has been removed.

  91. Updated info

    Updated information for Boltz as requested by site admins. Updated description, ToS link and added API attribute.

  92. Javascript required

    Javsacript is required to use the service

  93. Monezon has been delisted

    Monezon has been delisted, ongoing investigation. Orders seem to not be processed.

  94. Big Bang