Bisq Hack Reveals Dangers of Decentralized Exchanges


Last week’s attack on Bisq, which saw $250,000 worth of Bitcoin (BTC) and Monero (XMR) stolen, has again raised the issue of security within blockchains, especially decentralized systems, with hackers once more able to game the system and steal funds. This is a trend dating back to 2016 and the theft from the Ethereum DAO, highlighting that decentralized systems come with their own set of risks.

Removing Centralization Removes Elements of Security

For all the benefits that come with exchanges not operated from centralized sources, removing this layer of centralization puts much more pressure on the effectiveness, robustness, and agility of the systems that take their place, and what we have seen so far in the crypto space has not been reassuring.

The Bisq attacker, who exploited “a flaw in the Bisq trade protocol” according to the company, was able to intercept individual BTC/XMR trades and steal the funds (3 and 4,000 XMR), with the flaw originating from an October 2019 protocol update which provided “improved decentralization”.

Essentially the hacker found a way to game the system, which is much easier to do on a decentralized system where there is commonly less oversight and things like hacks are harder to stop once they have started.

We saw something similar in February when DeFi platform bZx was targeted twice by a hacker who outthought programmers and found a way to use the complicated network of decentralized systems to his advantage to steal thousands of ETH.

Fragility of Decentralized Systems Dates Back to 2016

The fragility of decentralized systems dates back to the hack of the Ethereum DAO in 2016. The DAO was a monument to collectivism at the dawn of smart contracts, but it will always be remembered as the first exploit of a decentralized system: 3.6 million ETH were stolen, the equivalent of $70 million at the time.

These interlinked and interoperable blockchain networks are in their infancy and rely on the competence of the blockchain designers and engineers to minimize the risk of attacks. Of course they cannot mitigate every conceivable attack, and in many ways it is like a country defending itself against terrorist attacks: designers and engineers must think creatively and try to imagine all the ways their systems could be compromised, then put in place measures to stop them.

Users Have a Choice to Make

For all their ills, and for all that they may go against the core concepts of blockchain and cryptocurrency, centralized exchanges are often able to defend themselves better against attacks in the first place and can often react quicker in pulling up the drawbridge when the worst happens.

As usual, the tradeoff that users must make is between convenience and security on the one hand and decentralization on the other, which is a choice every individual makes based on their own viewpoints. But security of funds has to be a priority for users and, more importantly, developers of decentralized systems if the space is to really grow.