Bisq v1 has experienced an exploit in its trade protocol that allowed an attacker to drain a portion of available offers.
The impact was limited to open offers that were actively taken by the attacker over the last 12 hours. Funds held in users' Bisq Bitcoin wallets were not affected.
As an immediate mitigation, an emergency mechanism was activated to disable trading by setting the required trading version to 2.0.0, a version that does not exist. This effectively prevents the attacker from continuing the exploit.
The attack appears to have started on May 1 in the early morning hours. The development team is continuing to investigate the full extent of the damage. Users with trades initiated on or after this time are advised to open mediation by selecting the trade and pressing Ctrl + O. A mediator will assess whether their trade was affected.
Preliminary investigation indicates that the attacker exploited a missing validation check using a modified client. The team is working to reliably reproduce the issue and verify a fix. Once confirmed, a hotfix will be released based on the latest stable version. In parallel, a comprehensive security review is being conducted to identify any related or additional vulnerabilities.
For affected users, reimbursement options are being evaluated. Bisq recognizes that both the exploit and its response to it are critical to its integrity, and is dedicating all available resources to finding a solution that helps restore confidence.
Bisq 2, with the Bisq Easy trade protocol, is not affected. It is a separate codebase with a fundamentally different protocol design.
Bisq will continue to provide updates through its official communication channels, including Matrix, the Bisq Forum, Telegram, Reddit, X, and Nostr.
Bisq sincerely apologizes for the impact this incident has had on its users, and is fully committed to addressing both the root cause and its consequences.
Replies (15)
Wild but not unexpected in the days of AI. Pretty crazy the attacker just made their own client without the validation step. Thanks for the notification! That's a good response to a breach in my opinion.
Kudos for the transparency.
Good response from Bisq team.
Exploits and attacks are unavoidable, but FOSS allows quick detect, patch & fix.
Impressed with the response and taking responsibility.
It was not me...
Would be curious to get some details once this is resolved.
Confused about what the attacker was able to get if this is a multisig-contract.
Just the security-deposit? The entire trade-amount?
Shit happens… but it's how you respond when it does that shows people who you really are…
Solid and rapid response by @Bisq
Not good
Good work. Does this have effects on Haveno networks or is this part of the 2-of-2 scheme Bisq uses vs the 2-of-3 scheme in Haveno?
You guys are awesome. If they didn't get bitcoin in wallets, what did they get?
Good to see transparency, but who tf still uses v1?
I take full responsibility lol
Oof!
You ask why people still use Bisq v1? Because it is by far the best place to trade BTC P2P.
Yeah, my bad; for some reason I thought Bisq 2 had become the most used version by now. It's been a while since I regularly used Bisq. I usually go with Hodl Hodl for their larger volumes.