The developers behind the peer-to-peer cryptocurrency trading platform Bisq have temporarily disabled services after discovering a critical security vulnerability.
Formerly known as Bitsquare, Bisq is a decentralized exchange (DEX) that facilitates crypto-to-fiat trades without a formal intermediary. In a community announcement posted on April 8, the developers said that they were investigating the security issue, telling users:
“If you have any active trades right now, please DO NOT send any funds.”
The devs add that it is “especially important” for users not to send any funds if they are involved with any of the trades included in a provided list of specific multisig transactions.
Users can override suspension — but at their own risk
As a decentralized exchange, the developers’ intervention is not airtight. In a follow-up to the original post, they wrote:
“To clear confusion: yes, Bisq is a proper distributed peer-to-peer network. So you can override the latest alert key functionality that blocks trading. But we highly discourage you from doing this for your own security.”
Pledging to release more details when they can, the developers indicate that all existing trades cannot be completed until they release v1.3.0 of the application. “Please hold tight,” they stressed, noting that due to Bisq’s security model, user funds are not at risk.
Bisq and its predecessors
As previously reported, Bisq’s popularity last year eclipsed stalwart P2P platform LocalBitcoins, after the latter abruptly withdrew the option for users to meet and execute trades for cash.
This February, LocalBitcoins touched a seven-year low in overall trading volumes — an apparent mark of ongoing user uncertainty in response to a series of incidents and allegations. In January, the platform had hit a two-year low for weekly volumes in China.