Service Events Timeline
- Active incidents
- Low incident
Trading halted | security issues are being patched
Ongoing since
On July 1st 11:15 AM, Bisq has issued a notice stating that trading on Bisq 1 has been halted. A security audit has identified several issues that are currently being patched and the network has been halted as a precautionary measure. Existing trades are unaffected and can be completed normally. RetoSwap admins have recieved information that both their service and the underlying Haveno code are unaffected by these issues. An update will be provided within 24 hours and shared on Matrix, Reddit, and Telegram. Additional updates may also be published on X and Nostr.
- Critical incident
June 2026 server breach: ~200 XMR stolen
Ongoing since
On June 8, 2026, OpenMonero was breached again, less than three weeks after the May exploit. An attacker gained root access at the server level, not the application, and took roughly 200 XMR (about $63,000), which the operator said was all platform funds.
The operator then reported the funds as lost and has not committed to reimbursing victims. This is the platform's third funds-loss incident in twelve months.
- High incident
Exolix API exposed ~$39.5M of swap history
Ongoing since
A security researcher found that Exolix's partner API used unscoped JWT keys with no rate limiting or IP restrictions, which let anyone dump full swap histories. The exposed data covered roughly 355,000 transactions and $39.5M in volume from January 2025 to May 2026: deposit and withdrawal addresses, on-chain hashes, amounts, rates, and timestamps.
For a no-KYC swapper, this links addresses and undoes the privacy users came for. After the disclosure, Exolix called the open access "a feature, not a bug," added WAF rules, and left the underlying flaw in place.
- Medium incident
Exit IP Fingerprinting vulnerability found | Patch rollout in progress
Ongoing since
A security researcher found a vulnerability in the way Mullvad servers assign exit IP addresses to user devices, allowing websites to fingerprint the same user accessing them through different servers. Changing servers has been rendered useless for unlinkability purposes. Mullvad has acknowledged the vulnerability in a blog post and is currently patching its servers to mitigate the issue. Here is a list of the servers that have been patched.
- Medium incident
Unresolved reports of withheld large swaps
Ongoing since
Multiple users report large swaps withheld for months without resolution: a ~700 XMR case on Bitcointalk, plus a 391 XMR swap and other large holds on BestChange through April 2026. Swapter cites liquidity and security checks and answers small swaps quickly, but the big cases stay unrefunded, sometimes marked "solved" while the funds remain stuck. Small, fast swaps are consistently reviewed well. Treat Swapter with caution for large amounts: test small, keep records, and avoid committing significant sums until these reports clear.
- Ongoing events
-
Possible hidden fees | Act with caution
Ongoing since
A user on the OrangeFren SimpleX group has stated that Swapuz charged him a previously undisclosed additional hidden fee for conducting a 'high-risk' transfer. OrangeFren stepped in and negotiated a refund on behalf of the user. If the amount after the trade differs significantly with the one stated beforehand, we encourage you to talk to their support and to let us know. Executing the trade through an aggregator with a guarantee is highly recommended.
-
Service paused
Ongoing since
Due to security concerns over upstream code quality, the Dawnswap admins have decided to pause the service and halt all trading until a more stable Haveno version is released or a third party security audit is performed on the Haveno codebase. They have expressed willingness to partially fund such audit if there is also interest from other Haveno instances in doing so.
-
Suspicious promotion via compromised subreddit
Ongoing since
r/AskMonero shows clear signs of compromise, Fujn Swap is being promoted in posts there.
Users should exercise extreme caution with any amounts and avoid relying on the subreddit for advice.
-
Website is down
Ongoing since
Both robosats.org and its onion site are down. We are monitoring the issue for future updates. You can try using some of the secondary onion addresses in the meantime.
-
Compliance procedures update
Ongoing since
Due to recent sanctions-related developments involving Huobi/HTX, funds originating from Huobi will be suspended by the service and will be subject to additional verification.
-
New beta available for testing
Ongoing since
xChange.me announced a new beta software available at https://beta.xchange.me and https://nojs.xchange.me for Tor usage. In the beta period, lasting between one to three months, there will be a 1% fee in the new sites for XMR and BTC to encourage testing.
-
Admin vanished
Ongoing since
MajesticBank admin has not been seen online since the service shut down. The admin did refund some users on the day of the incident, but it seems like he won't come back online. Many users still have pending refunds and have been left unanswered. For this reason, we are marking MajesticBank as scam until further updates.
-
- Earlier
-
-
-
-
-
-
-
-
Android app v1.0.7 released | update encouraged
A new version of the RetoSwap Android app has been released, making this release compatible with Haveno v1.8.0. It also adds Zcash support and brings the ability to use stablecoin market value when making an offer, besides small UX improvements. Since this release is compatible with Haveno v1.8.0, the one containing the security enhancements, Android users are strongly encouraged to update.
-
Version 0.16.6 released with multiple security improvements | update recommended
BSX Core 16.6 has been released, with substantial hardening done to the fund-safety verification process. Notable security improvements include stronger lock-amount verification, symmetric refund-signature verification, smarter swap-type defaults, automatic chain-fee-rate validation and subfee bids.
-
-
Call for password reset +2FA
Following the latest hack, the OpenMonero admin has issued a new update, having reset all user 2FA tokens and urging them to change passwords and settlement wallet addresses. Users who registered between April 12 and May 22 are encouraged to open a support ticket. A new Session Notification Bot has also been created, while users have been told to block the old one.
-
Trading has resumed
After more than a month offline, trading has resumed on THORChain. v3.19.1 shipped with new protocol patches. The release has bundled two things: patches to the KeyVerify process, and a fix for a Gaia (Cosmos Hub) bug the team wanted to patch before bringing those nodes back to the chain tip. XMR integration is expected to go live one month from now.
- Medium incident
Haveno vulnerability confirmed | Pause all trading
From to
Haveno lead developer woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. Since Dawnswap is built on top of Haveno, it is vulnerable to the same exploit. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. The admins have issued a message in their SimpleX group asking users to cancel all offers and conclude trading, though its unclear if they have taken the service offline. A user has reported a small loss of funds in the Haveno Matrix room, but the Dawnswap admins claim not to have received any such refund request. They remain open to check the issue if contacted though.
If you are running Dawnswap, revoke all offers and refrain from trading.
-
-
-
-
-
-
-
- Medium incident Resolved
Node exploit drained $10.7M, trading halted
From to
On May 15, 2026, a malicious node exploited a flaw in THORChain's threshold-signature scheme to rebuild a vault's signing key and drain about $10.7M from one Asgard vault. The funds were protocol-owned; user swaps and LP positions stayed safe.
THORChain halted trading, signing, and churning, slashed the attacker's bond, and patched the flaw in v3.18.1 and v3.19.0. Node operators approved the ADR-028 recovery plan, which absorbs the loss through protocol-owned liquidity without minting RUNE or diluting holders. As of mid-June the network runs a staged restart and trading remains paused.
-
RetoSwap 1.8.0 released | security issue fixed
Shortly after Haveno lead developer woodser released version 1.8.0, RetoSwap shipped the update, fixing the previously exploited vulnerability and patching other related issues. Additionally, you can now enable passphrase protected offers, where by only users whom you share the passphrase with can take them. Trading can be resumed. Refunds are still pending but are expected to be covered mostly by future trading fees.
-
- Medium incident Resolved
Haveno vulnerability confirmed - Trading halted
From to
Haveno lead dev woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. RetoSwap and operators were again urged to act cautiously.
If you are running RetoSwap, revoke all offeers and pause trading. Affected users can reach out to RetoSwap in the RetoSwap SimpleX group via the 'chat with admin' feature.
- Medium incident Resolved
Haveno vulnerability confirmed - Trading halted
From to
Haveno lead dev woodser confirmed a new vulnerability in the dispute resolution process, allowing attackers to forge dispute payouts. A security patch is being prepared, and users are advised to back up their application data (e.g., wallet directories) in case of recovery efforts. RetoSwap and operators were again urged to act cautiously.
If you are running RetoSwap, revoke all offeers and pause trading. Affected users can reach out to RetoSwap in the RetoSwap SimpleX group via the 'chat with admin' feature.
-
-
Domain change
Service URLs updated from https://roboex.cc, https://roboex.cx to https://roboex.cc
-
Fund-loss reports investigated, not reproduced
From to
Some users reported sending funds that never arrived in their accounts. We investigated and could not reproduce the problem: two separate test deposits credited correctly and SMS delivery worked. We could not reproduce any loss of funds, and some of the reports appear coordinated.
-
-
Peach web released
Peach Bitcoin has released a web app, allowing for seamless use across all platforms. Logging in to the web app is handled by scanning a QR code in the phone app. Transacting on the website is authorized though the mobile app.
- Medium incident Resolved
Exploit in poisoned secret-has atomic swaps | Update to 0.16.4 or higher
From to
This exploit enables an attacker running a modified legacy client to under-fund their side of a trade, executing the trade with a lower amount than the one initially agreed upon. A couple of malicious offers have been spotted on the wild. A fix was rolled out with version 0.16.4. BasicSwap has urged its users to update.
-
Abruptly terminates VPS customers without notice
From to
1984.is abruptly shut down the VPS hosting XMRBazaar (a Monero marketplace) on June 6, 2026, citing abuse tickets, mostly DMCA, that XMRBazaar says it never received and had no chance to answer. Service was restored within about a day after review.
It fits a pattern: 1984 also cut off Hack Liberty in March 2026 after four years. Its terms reserve the right to terminate "with or without notice" at sole discretion, so the action was within policy, but for a host that markets privacy and civil rights, no-notice takedowns over disputed copyright claims drew downgrades from several directories.
-
Android app passes security assessment
The Mullvad VPN Android app has successfully passed a security assessment by Leviathan Security Group. The app has updated minor issues in order to more closely align with the Mobile App Profile specification. This is the second year in a row where the app passes the assessment.
- Low incident Resolved
Maker-side ASB bug exploited to grief liquidity providers
From to
Before the May 27 patch, eigenwallet's maker-side Automated Swap Backend (ASB) failed to sanity-check the Bitcoin cancel-transaction fee. A malicious taker could propose an absurdly high fee and burn value during a swap, griefing the maker. Regular wallet users and takers were never at risk.
Attackers used it across four swaps, affecting two market makers and roughly 0.657 BTC. Nothing was stolen: the griefer burned more of their own BTC than they destroyed. eigenwallet shipped fee validation in v4.6.7 within a day and started a reimbursement fund, its donation wallet plus community donations, to cover affected makers in part.
- High incident Resolved
Haveno protocol exploit: ~7,000 XMR stolen
From to
On May 20, 2026, attackers exploited a flaw in the Haveno trade protocol that RetoSwap runs on, impersonating the trade arbitrator before funds reached the multisig escrow and draining about 7,000 XMR (~$2.7M) from users mid-trade.
RetoSwap caught it within minutes, banned the attacker's onion address, halted trading, and pushed a mandatory client upgrade with identity-verification fixes before resuming. The root flaw was in Haveno, an upstream dependency, not RetoSwap's own code.
The stolen XMR was not recovered, and no reimbursement has been confirmed. Affected users were told to keep their wallet backups in case recovery becomes possible later.
- Medium incident Resolved
May 2026 exploit: ~40 XMR lost
From to
On May 21, 2026, an application-layer exploit cost OpenMonero around 40 XMR. The team told users to halt payments (report) and patched the flaw within two days. OpenMonero later reported that it had refunded every affected user in full.
This was the platform's second funds-loss incident, after the 2025 server breach.
-
-
Bridge downtime triggered rug-pull claims
From to
Wagyu's bridge and UI went down in May 2026, and the outage sparked rug-pull allegations across Reddit and X. The developer clarified that funds were safe and that withdrawals still worked through the Hyperliquid Terminal, and users have since confirmed the bridge keeps working both ways.
Note: Wagyu runs a centralized bridge, so you are trusting the team to hold and deliver the actual Monero. That counterparty risk stands regardless of this scare.
- High incident Resolved
Bisq v1 protocol exploit: ~11 BTC stolen
From to
On May 1, 2026, an attacker exploited a negative miner-fee validation bug in the Bisq v1 trade protocol and took about 11 BTC from roughly 10 users, mostly on altcoin trades.
Bisq patched the flaw in v1.10.0 two weeks later and published a full post-mortem. The bug never reached the newer Bisq 2 or Bisq Easy protocols.
The Bisq DAO reimbursed affected users in full, in BTC or BSQ. See the official thread for details.
-
-
-
-
Service Archival Notice
From to
The service appears to be no longer operational. It has been four months since they last had any stock of numbers, and the SMS service has been unreliable. As a result, we are archiving this service. If you are the service owner, please contact us.
-
-
-
Absence Due to Family Emergency
From to
Trêvoid will be unavailable for two weeks due to a family emergency. All active swaps are closed, and no new requests will be processed during this period. Return is expected once the situation stabilizes.
- High incident Resolved
2025 server breach: ~78 XMR stolen
From to
On June 6, 2025, an attacker breached OpenMonero's server, gained root access, and drained the escrowed user and vendor funds, around 78 XMR (Monero Observer).
OpenMonero disabled trading, updated its firewall, and refunded victims in batches from trading fees over the following months, vendors first. By late December 2025 it claimed every user had been made whole.
kycnot.me could not independently verify the full refund, and at least one user reported receiving only part of their balance. Treat the recovery as operator-reported.
-
-
-
- Critical incident
MajesticBank has shut down
From to
MajesticBank has made an official statement that they have shut down operations. If you have a pending or stuck order, contact them on telegram or mail.
-
-
-
-
Refunds are being sent
Some users started reporting they are receiving refunds. If you have a pending transaction with MajesticBank, contact them by email or Telegram within the next 30 days.
-
Stuck exchanges
From to
AVOID using MajesticBank until further notice. Transactions are stuck due to an unresolved issue since 2 days ago, and support is unresponsive.
-
Service is offline
From to
UPDATE 07/20/25: Server was offline due to a fault on BuyVM's end.
As of the 17th of July, ghostbox.cc seems to be completely down, no ping, no website, bounces when writing to postmaster@ghostbox.cc.
-
DDoS attack
At around 10:30 PM EEST, the website started getting attacked with over 720k requests in a couple of minutes.
-
-
Exit Scam
The website is no longer accessible. An exit scam meme is showing on the landing page.
-
Partially on vacations
Non-urgent tickets, Telegram registration help with British and Irish numbers, confirmation of non-automatic payments (up to 4 hours or till late night).
-
-
-
Potential Service Issues
From to
Some users on Dread are reporting issues receiving their funds for large amount trades.
-
-
-
-
Delisted
Vigorswap, which was listed yesterday, has been delisted after a user had an issue with a stuck exchange. I am trying to contact support, but they do not respond. This is an ongoing issue, see the service comment section for new updates.
-
Listed
VigorSwap has been listed.
The exchange has been tested by kycnot.me with a successful trade, attributes have been verified, links have been checked, and ToS/FAQ has been read.
-
-
-
-
-
-
Updated info
Updated information for Boltz as requested by site admins. Updated description, ToS link and added API attribute.
-
-
Monezon has been delisted
Monezon has been delisted, ongoing investigation. Orders seem to not be processed.
Big Bang
Loading more events...
Enable JavaScript to load more events