Based on preliminary estimates from data analysis and reports from affected users, the total amount stolen appears to be approximately 11 BTC. So far only altcoin trades have been reported. This remains a preliminary estimate.
In short, the exploit was caused by a missing validation that should have rejected negative input values provided by the taker. The maker and taker must use the same miner fee. That fee value is provided by the taker.
The attacker supplied a negative miner fee. When the maker calculated the multisig output — including the payout transaction fee — the negative value reduced the multisig amount to 0.001 BTC, while the remaining funds were redirected to the taker’s change output.
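To make the failure mode concrete, here is a constructed Python model of the deposit arithmetic (an added example, not Bisq's own code). The transaction layout, the fixed deposit-transaction fee and the fee bounds are assumptions, but the model reproduces the effect described above, where a negative taker-supplied fee shrinks the multisig output to 0.001 BTC and pushes the difference into the taker's change, and shows the validation that rejects such input before the maker signs.

```python
# Constructed model of the fee-validation bug described above; not Bisq's code.
# Amounts are in satoshi. Output layout, deposit-tx fee and fee bounds are assumptions.
from dataclasses import dataclass

SAT_PER_BTC = 100_000_000
DEPOSIT_TX_FEE_SAT = 2_000                     # assumed fixed fee of the deposit tx
MIN_FEE_SAT, MAX_FEE_SAT = 1_000, 1_000_000    # assumed sanity bounds for the payout fee


@dataclass(frozen=True)
class DepositOutputs:
    multisig_sat: int
    maker_change_sat: int
    taker_change_sat: int


def build_outputs_vulnerable(maker_in, taker_in, maker_share, taker_share, payout_fee):
    """'Before': the taker-supplied payout fee enters the arithmetic unchecked."""
    multisig = maker_share + taker_share + payout_fee    # payout fee is locked in the multisig
    maker_change = maker_in - maker_share
    taker_change = taker_in - taker_share - payout_fee - DEPOSIT_TX_FEE_SAT
    return DepositOutputs(multisig, maker_change, taker_change)


def validate_payout_fee(payout_fee) -> int:
    """Accept only a positive integer fee inside the agreed bounds."""
    if not isinstance(payout_fee, int) or isinstance(payout_fee, bool):
        raise ValueError("fee must be an integer satoshi amount")
    if not MIN_FEE_SAT <= payout_fee <= MAX_FEE_SAT:
        raise ValueError(f"fee {payout_fee} outside [{MIN_FEE_SAT}, {MAX_FEE_SAT}]")
    return payout_fee


def build_outputs_hardened(maker_in, taker_in, maker_share, taker_share, payout_fee):
    """'After': validate the peer's fee, then re-check the built outputs before signing."""
    fee = validate_payout_fee(payout_fee)
    outs = build_outputs_vulnerable(maker_in, taker_in, maker_share, taker_share, fee)
    # Defence in depth: never sign a deposit tx whose multisig holds less than both shares.
    if outs.multisig_sat < maker_share + taker_share:
        raise ValueError("multisig output below the agreed shares")
    if min(outs.maker_change_sat, outs.taker_change_sat) < 0:
        raise ValueError("negative change output")
    return outs


def maker_accepts(maker_in, taker_in, maker_share, taker_share, payout_fee) -> bool:
    """True if the hardened path would let the maker sign this deposit tx."""
    try:
        build_outputs_hardened(maker_in, taker_in, maker_share, taker_share, payout_fee)
        return True
    except ValueError:
        return False
```

With maker and taker shares of 0.5 and 0.1 BTC, a fee of -59,900,000 sat leaves the vulnerable path with a 100,000 sat (0.001 BTC) multisig and the missing 0.599 BTC in the taker's change, while the hardened path refuses to build the transaction at all.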
Some Bisq developers are highly proficient with AI tools. However, we had not systematically used them as part of an actual security audit process. One developer attempted to get Bisq into an external security audit program, but the application was rejected.
In hindsight, this was a serious failure on our side. The mistake was not only the missing validation check. It was also failing to react early enough to the changing security landscape and the increasing practical relevance of AI-assisted vulnerability discovery.
We must assume that there will be further attempts. Over the coming weeks we will invest significant effort into hardening the codebase and using AI tools to search for failure modes. We will particularly focus on vulnerabilities that could directly affect the wallet.
Until additional review and hardening are completed, we recommend that Bisq users do not keep more BTC in their Bisq wallet than is necessary for active trading.
Bisq also published an X thread about this: