The decentralized exchange RetoSwap has experienced a significant security breach resulting in the loss of approximately 7,000 XMR, valued at roughly $2.7 million. The incident, which occurred on May 20, 2026, was triggered by a critical vulnerability within the Haveno protocol, a privacy-focused peer-to-peer trading framework. While the platform has moved to suspend operations and mitigate further risks, the attack underscores systemic weaknesses in decentralized multi-signature wallet infrastructures.
Mechanism of the Haveno Protocol Attack
The exploit was first identified by woodser, a lead developer for Haveno, who reported that the trading protocol was under active manipulation. Technical analysis reveals a sophisticated impersonation tactic where the attacker posed as an arbitrator. By sending forged ACK (acknowledgment) messages, the malicious actor successfully redirected node addresses to a server under their control.
This redirection allowed the attacker to:
- Intercept communication during the trade setup phase.
- Create compromised multi-signature wallets before users deposited their funds.
- Divert deposits directly to attacker-controlled addresses once the transaction was initiated.
RetoSwap clarified that the breach did not involve a compromise of their internal team or infrastructure. Instead, the failure resided entirely within the underlying Haveno protocol logic used to facilitate secure, private trades.
Immediate Response and Impact on Users
Following the disclosure, the RetoSwap team implemented emergency protocols to contain the damage. The platform banned the attacker's onion address at approximately 02:33 UTC and enforced a mandatory update, setting the minimum client version to 2.0.0. These measures effectively halted the attacker's ability to continue the campaign.
RetoSwap is currently evaluating comprehensive plans to assist affected traders in recovering their lost assets.
Data from blockchain security firm PeckShield indicates that the losses were primarily concentrated among high-value cryptocurrency offers. Notably, fiat currency traders using the platform remained unaffected, as the vulnerability specifically targeted the cryptographic handshake required for on-chain asset deposits.
Conclusion
The RetoSwap exploit adds to a growing list of decentralized finance (DeFi) security incidents in 2026, which have already seen hundreds of millions of dollars lost to protocol-level flaws. As developers work to patch the Haveno protocol, the incident serves as a reminder of the risks associated with automated arbitration and multi-signature security. For the broader Monero and privacy-focused ecosystem, the focus now shifts to rigorous audits of peer-to-peer communication protocols to prevent similar forged-message attacks in the future.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.