RetoSwap (Haveno) — Trade Protocol Arbitrator Spoofing — May 20, 2026
More than 10 victims identified in this incident
Facts and investigation
Attacker: Exploiter onion address blocked (not disclosed); ~7,000 XMR drained to a separate wallet
Funds moved to: ~7,000 XMR (~$2.7M) moved to a single attacker wallet; no laundering via mixers detected at time of incident.
RetoSwap does not hold user funds (non-custodial architecture, traders operate from local wallets). The exploit targeted the Haveno trade protocol during active multisig transactions.
Timeline: On 20 May 2026 at 02:31 UTC, Haveno lead developer 'woodser' reported that the Haveno trade protocol was actively being exploited. At 02:33 UTC, RetoSwap banned the attacker's onion address and halted trading by forcing the minimum client version to 2.0.0 via the filter feature.
The attack exploited the Haveno messaging system during active transactions: the attacker impersonated an arbitrator before funds entered the multisig wallet, creating an unauthorized control path. PeckShield officially confirmed that 7,000 XMR (~$2.7M) was drained.
RetoSwap asked users to back up their local wallet (~/.local/share/Haveno-reto/) for a potential recovery plan. No detailed official post-mortem had been published as of 23 May 2026.
The attack exploits the boundary between Haveno trade messaging and the XMR multisig before funds are locked. It is an architecture-level issue, not a wallet hack, and is replicable on other Bisq/Haveno forks.
Sources and coverage
- Article (x.com): https://x.com/RetoSwap/status/2057244918901342436
- Article (x.com): https://x.com/PeckShieldAlert/status/2057279916165693841
- Article (cryptotimes.io): https://www.cryptotimes.io/2026/05/21/monero-dex-retoswap-suspends-trading-after-2-7m-exploit-in-haveno-protocol/
- Article (cryptoadventure.com): https://cryptoadventure.com/retoswap-halts-trading-after-haveno-exploit-drains-7k-xmr/
Victim testimonies
No testimonies yet.