smartcontractshacking.com
RetoSwap Hack Exploits Haveno Protocol Vulnerability
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 20, 2026, RetoSwap, a P2P decentralized exchange, was hacked, resulting in the theft of approximately 7,000 XMR (around $2.7 million). The attacker exploited a critical vulnerability in the Haveno trading protocol, allowing them to impersonate an arbitrator during multisig wallet creation. By sending a fraudulent ACK message, the attacker gained control of the arbitrator's node address, enabling them to hijack the wallet setup process. Once the victim deposited funds, the attacker drained the compromised wallet. The incident primarily affected large-scale crypto-to-crypto trades, while fiat transactions were not impacted. The stolen Monero is untraceable, complicating recovery efforts. This hack highlights the importance of thorough security audits to identify business logic errors in protocols. The current status of the stolen funds remains unresolved.
Key Points: • RetoSwap lost approximately $2.7 million due to a hack exploiting Haveno's vulnerabilities. • The attacker impersonated an arbitrator by sending a spoofed ACK message during wallet creation. • The incident underscores the need for comprehensive security audits to detect business logic errors.