RetoSwap halted trading after attackers exploited a flaw in the Haveno trade protocol and drained roughly 7,000 XMR, valued at about $2.7 million. The Monero-based decentralized exchange disclosed the incident through posts on X on May 21, saying Haveno lead developer woodser detected the exploit at 2:31 UTC. RetoSwap said it blocked the attacker’s onion address and froze trading two minutes later through an emergency client update.
The company said the attack did not breach RetoSwap’s own infrastructure. Instead, hackers exploited a weakness inside Haveno’s trading protocol. According to RetoSwap, the incident mainly affected large crypto trades, while fiat transactions remained unaffected. The platform has since paused operations as developers investigate the flaw and work on a security patch.
Exploit targeted Haveno multisig process
RetoSwap later detailed how attackers carried out the exploit, saying they interfered with Haveno’s trade messaging system during active transactions. The flaw allowed attackers to pose as an arbitrator before funds entered a multisignature wallet, which created a pathway for unauthorized control during trades.
Per woodser, “here’s how the exploit worked: when the attacker took a trade, they sent a fake, out-of-order ACK message impersonating the arbitrator, causing the software to update the arbitrator’s node address to their own, allowing them to create a compromised multisig wallet before funds were deposited”.
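The class of flaw described above, as an added example that is not Haveno's code or its patch: a handler that trusts the role claimed in an ACK and re-learns the arbitrator's address from it, beside one that checks protocol state, the pinned address and an authentication tag. All names, states and message fields are hypothetical, and an HMAC stands in for the arbitrator's signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed model: states, fields and addresses are hypothetical, not Haveno's.
# HMAC is a stand-in for verifying the arbitrator's signature.
ACK_STATE = "AWAITING_ARBITRATOR_ACK"

@dataclass
class Trade:
    arbitrator_addr: str   # pinned when the trade is created
    arbitrator_key: bytes  # stand-in for the arbitrator's verification key
    state: str = "INIT"

@dataclass
class Ack:
    claimed_role: str
    sender_addr: str
    tag: bytes             # authentication tag over role and address

def sign(key: bytes, role: str, addr: str) -> bytes:
    return hmac.new(key, f"{role}|{addr}".encode(), hashlib.sha256).digest()

def handle_ack_naive(trade: Trade, ack: Ack) -> str:
    # Weak: believes the claimed role and overwrites the pinned address.
    if ack.claimed_role == "arbitrator":
        trade.arbitrator_addr = ack.sender_addr
    return trade.arbitrator_addr

def handle_ack_checked(trade: Trade, ack: Ack) -> str:
    # Hardened: never updates the address; rejects before any state change.
    if trade.state != ACK_STATE:
        raise ValueError("out-of-order ACK")
    if ack.sender_addr != trade.arbitrator_addr:
        raise ValueError("ACK not from pinned arbitrator address")
    expected = sign(trade.arbitrator_key, ack.claimed_role, ack.sender_addr)
    if not hmac.compare_digest(expected, ack.tag):
        raise ValueError("bad arbitrator authentication tag")
    trade.state = "ARBITRATOR_ACKED"
    return trade.arbitrator_addr

if __name__ == "__main__":
    key = b"constructed-demo-key"
    forged = Ack("arbitrator", "peer-controlled.onion", b"\x00" * 32)
    print("naive:", handle_ack_naive(Trade("arb.onion", key), forged))
    try:
        handle_ack_checked(Trade("arb.onion", key), forged)
    except ValueError as err:
        print("checked:", err)
```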
Later the same day, RetoSwap told users to immediately back up wallet files in case recovery efforts become possible. The platform shared backup steps for Linux, macOS, and Windows systems and also pointed users to Haveno’s built-in backup tool. Additionally, it urged users to act quickly to secure local data.
RetoSwap runs as a peer-to-peer trading platform that uses Tor and the Haveno protocol. It does not hold user funds, since traders operate directly from local wallets instead of depositing assets into centralized accounts. The platform supports Monero, Bitcoin, Ethereum, Litecoin, Bitcoin Cash, and several stablecoins across Ethereum and Tron networks.
Bridge exploits continue across crypto
The RetoSwap exploit comes amid a wider wave of security failures across decentralized finance systems. Besides RetoSwap, MAP Protocol and ButterNetwork also reported a bridge attack involving nearly 1 quadrillion fake MAPO tokens. Blockchain security firm Blockaid linked the incident to weaknesses in bridge message verification systems.
Meanwhile, Echo Protocol said it regained control of an admin key after attackers minted about $816,000 worth of unauthorized eBTC tokens. The project paused parts of its cross-chain operations while it reviewed access controls and contract security.
According to blockchain security firm PeckShield, hackers have stolen roughly $328.6 million from bridge-related exploits in 2026 alone. The rising losses highlight ongoing weaknesses in cross-chain infrastructure, where small security gaps continue to trigger large-scale fund drains.