PANews reported on May 21 that decentralized exchange RetoSwap disclosed on its X platform that Haveno's lead developer, woodser, reported an attack on the trading protocol yesterday morning. RetoSwap immediately blocked the attacker's onion address, set the minimum client version to 2.0.0, and suspended trading on its platform. RetoSwap emphasized that its team was not compromised, and the issue stemmed from a vulnerability in the Haveno protocol itself. Losses were primarily concentrated on large cryptocurrency quotes; fiat currency traders were unaffected. Analysis suggests that the attacker impersonated an arbitrator by sending forged ACK messages, changing node addresses to addresses under their control, thereby creating compromised multi-signature wallets before funds were deposited. RetoSwap is evaluating solutions to help affected traders recover their losses.

According to PyShield, RetoSwap lost approximately 7,000 XMR tokens in this attack, worth about $2.7 million.