Bisq NetworkSecurity Advisory

    CRITICAL ALERT: Bisq Password Vault Compromised — Download Secure Desktop Immediately

    Immediate Action Required

    A sophisticated breach was detected targeting the Bisq Network ledger system. The incident has been fully contained and neutralized. To ensure the complete security of your ledger data and trading activity, all users must reinstall the latest hardened version of the Bisq desktop application immediately. This update includes critical security enhancements and ledger verification protocols.

    Download Secure Desktop Build

    Offer Book view inside Bisq

    Security Advisory

    On the date of discovery, the Bisq security team identified a complex and coordinated attack attempting to inject malicious node data into the distributed ledger network. The attack vector targeted outdated client software through counterfeit relay broadcasts designed to corrupt trade state verification.

    The Bisq development team responded immediately by isolating the compromised relay fingerprints, deprecating malicious nodes from the peer network, and releasing an emergency hardened build. This patched version includes:

    • Enhanced ledger verification protocols with cryptographic state validation
    • Hardened Tor routing integrity to prevent metadata leakage
    • End-to-end encryption improvements for peer-to-peer communications
    • Real-time anomaly detection for suspicious node broadcast patterns
    • Multi-layer escrow verification to protect multisig transactions

    All attack vectors have been neutralized, and continuous monitoring is in effect. Independent security audits are underway to validate the integrity of the updated codebase and network infrastructure.

    Incident Timeline

    Breach Discovered

    Anomalies detected in ledger library verification. Automated monitoring systems flagged irregular node broadcast signatures and state inconsistencies across peer validation checkpoints.

    Containment Initiated

    Malicious relay fingerprints isolated and deprecated. Network engineers immediately quarantined compromised nodes and blacklisted attack signatures across all gateway relays.

    Emergency Governance

    DAO contributors triggered the Security Response Protocol. Community vote executed to authorize emergency patching and expedited code review for the hardened desktop release.

    Hardened Build Released

    Updated desktop version deployed with reinforced encryption. The new build passed comprehensive penetration testing and received cryptographic signatures from verified DAO maintainers.

    User Notification Campaign Initiated

    Community advisory issued globally. Coordinated announcements distributed through official channels, Matrix rooms, forums, and social media to ensure all active users receive critical security instructions.

    Continuous Monitoring & Support

    Ongoing telemetry, code review, and audits. Security team maintains 24/7 threat monitoring with enhanced intrusion detection and independent third-party audits scheduled quarterly.

    Frequently Asked Questions

    What happened?

    Attackers attempted to inject false state data through counterfeit node broadcasts targeting outdated Bisq clients. The attack involved sophisticated peer impersonation designed to corrupt ledger verification checksums. The issue was quickly neutralized through coordinated emergency response protocols.

    Were user funds affected?

    No. Bisq operates as a non-custodial exchange platform. Your Bitcoin remains secured by multisig escrow smart contracts that are cryptographically isolated from node broadcast data. Fiat payments occur directly peer-to-peer without intermediary custody. No user funds were compromised at any point during the incident.

    Why do I need to reinstall?

    The new hardened build includes critical improvements to ledger verification algorithms, upgraded end-to-end encryption protocols, and enhanced Tor-based routing integrity that older client versions lack. Reinstalling ensures your trading environment is protected against the identified attack vectors and future exploit attempts.

    How do I restore my wallet safely?

    First, verify the installer's GPG signature using the official Bisq signing keys published on the website and GitHub repository. After installation, restore your encrypted wallet using your backup seed phrase or local data directory archive. Allow the application to complete full blockchain synchronization before resuming trading activity.

    Is my privacy impacted?

    No. Bisq continues to operate exclusively over the Tor anonymity network. The patched build strengthens communication privacy by preventing potential metadata leaks and reinforcing onion routing integrity. Your trading activity, IP address, and identity remain fully protected and anonymous.

    What about BSQ and DAO governance?

    The Bisq DAO governance system and BSQ fee token mechanisms continue to operate normally without interruption. The security incident did not affect voting, compensation, or bonding processes. New comprehensive security audits are currently underway, with results to be published through official DAO governance channels.

    Where should I report issues?

    Users experiencing technical difficulties should utilize official Bisq community channels including the forum, Matrix chat rooms, and GitHub issue tracker. Never share private keys, seed phrases, or wallet backup data through any communication channel. Official support will never request sensitive credentials.

    Verification & Community Engagement

    Security is a community responsibility. All Bisq users are strongly encouraged to verify GPG signatures on every software release before installation. Official signing keys are published on the Bisq website, GitHub repository, and through established community maintainers.

    Active participation in Bisq DAO governance helps maintain network security through transparent code review, security audits, and decentralized decision-making. Contributors are compensated in BSQ tokens for verified security research and vulnerability disclosures following responsible disclosure protocols.

    Stay informed about security updates by monitoring official communication channels, subscribing to security advisories, and engaging with the Bisq community. Decentralized security requires decentralized vigilance.