RetoSwap Hack: Anonymous Monero P2P Exchange Loses ~$2.7 Million

RetoSwap Hack: Anonymous Monero P2P Exchange Loses ~$2.7 Million in Sophisticated Protocol Exploit
May 21, 2026
~3 min read

In a significant blow to privacy-focused decentralized trading, RetoSwap — a popular anonymous peer-to-peer (P2P) exchange built on the Haveno protocol for trading Monero (XMR) — has been exploited. Users lost approximately 7,000 XMR, valued at around $2.7 million at the time of the attack.

The platform, which operates over the Tor network and emphasizes strong privacy, quickly suspended trading after discovering the breach.

RetoSwap Hack: Anonymous Monero P2P Exchange Loses ~$2.7 Million in Sophisticated Protocol Exploit

How the Attack Worked

According to on-chain analysts at PeckShield and RetoSwap’s own statement, the hacker exploited a critical flaw in the Haveno trading protocol:

  • The attacker posed as a legitimate arbitrator in ongoing trades.
  • They sent spoofed (fake) acknowledgment messages to the system.
  • This tricked the protocol into changing the designated multisig wallet address to one controlled by the hacker.
  • Funds were drained before the secure multisig escrow wallet could even be created.

This social engineering-style attack on the protocol level allowed the hacker to intercept user funds during the trade settlement process. Importantly, fiat-side trades appear to have been unaffected, while larger crypto transactions were the primary target.

RetoSwap’s Immediate Response

The RetoSwap team acted quickly:

  • Trading was halted by forcing a minimum client version update.
  • The attacker’s onion address was blocked.
  • The team is currently evaluating options to help affected users recover funds where possible.

RetoSwap is a fork of the open-source Haveno project, which itself was designed as a decentralized, non-custodial alternative to centralized exchanges for privacy coin trading.

Why This Hack Matters

RetoSwap was built specifically for users seeking maximum privacy — trading Monero without KYC, using Tor for anonymity, and relying on multisig smart contracts. The fact that the exploit targeted the core arbitration and multisig process highlights a painful reality: even privacy-centric decentralized platforms remain vulnerable to sophisticated protocol-level attacks.

This incident adds to a growing list of exploits in the decentralized finance and privacy coin ecosystem in 2026, underscoring the importance of thorough code audits and careful user practices even on non-custodial platforms.

Lessons for Privacy-Focused Traders

  • Always verify trade details and arbitrator communications.
  • Be cautious with new or smaller P2P platforms, even those with strong privacy reputations.
  • Consider using smaller trade sizes until the platform confirms full resolution.
  • Monitor official channels for updates on potential compensation or protocol fixes.

At Quickex, we believe privacy remains a fundamental right in crypto, but incidents like this serve as a reminder that true security requires both robust technology and user vigilance. Non-custodial platforms offer independence, but they also place full responsibility on the user.

The RetoSwap team has promised further updates as the investigation progresses. We will continue monitoring the situation and report any developments regarding user compensation or protocol upgrades.

0.0
(0 ratings)
Click on a star to rate it

You send:

You send:

Network

Floating

You receive:

You receive:

Network