Check out the new decentralized exchange based on Nostr and OpenMonero/LocalMonero frontend. The code is production ready but I can't set up a fully working instance right now, since 2 of my servers were hacked on 6/6/2025. You can check out the demo below or clone the code and set up your own instance. The backend has just 4.5k lines of code in a single file and is very easy to audit.

New powerful updates:

Decentralized, new reputation system not locked to any specific location or instance.

Federated and decentralized order book model allows for a combined order book across multiple instances.

All data, including the order book, reputation, profiles, trades, wallet information, and chat, is stored on NOSTR.

Admins do not have access to chat history unless a trade dispute arises (E2EE with NIP-04).

Wallet protection with two-factor authentication (2FA) instead of a traditional password.

Websockets facilitate real-time event updates without requiring a page refresh.

Frontend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex

Backend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex-api

Demo: http://ek72x7tysgkrr754ce4np4e6ce5rtwtxphxibzmesnsbuyco5onlc5id.onion/

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex #cex #moneroju #xmrbaazar #security #agorism #cypherphunk

Discussion

Tell us more about the hack. You were quite outspoken, talking from a high horse against RetoSwap.

And now you tell us you got hacked. LMAO. If you want to be taken seriously in this community and want to live up to LM legacy, it helps to build trust by starting small and not by being a loudmouth.

I've just open sourced the first p2p monero platform that is completely based on NOSTR, with a decentralized reputation system (PGP canaries), a federated orderbook, non-custodial trade funding, non-custodial trade settlements and anyone can set up his own instance since the backend is open source as well. I am telling you once again, haveno is a centralized liquidity exchange, since the admin can take all offers. All that is required for such an exploit is access to the admin key, two bots (taker and arbiter bot), and an amount of XMR equivalent to the lowest security deposit (a mechanism evident from the logarithmic balance growth of each taker bot following each transaction). More here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-779f1c27e12e98e6af

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex #cex #moneroju #xmrbaazar #security #agorism #cypherphunk

I will keep an eye on what you do just like I keep an eye on Haveno. Would love to see some competition in the field.

Get your things in order and we'll use what you created.

You can read more about the hack here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/59e5b924658bac9124d0

NOTE: The haveno arbitrators could rug the whole orderbook (2,000,000 USD) despite multi-sig trades.

Ironically, openmonero.com may actually be one of the most secure platforms out there, thanks to its use of non-custodial trade settlements, non-custodial funding, and relatively quick trade finalization (one hour). To date, only about 20k USD of user funds have been stolen (plus 3k arbiter funds), despite a monthly trade volume of roughly half a million dollars. Had I implemented a setup like haveno, I’d probably have seen at least 2 million USD stolen (good luck trying to refund that).

Additionally, since offers on openmonero.com don’t require any pre-funding, the potential damage remains quite limited (similar to a single McDonald's salary). A quick note: multi-signature setups typically require JavaScript, and possibly Java, which limits scalability and compatibility, especially with browsers like Tor.

Moreover, multi-sig only secures about 1% of the total liquidity (trades in escrow or accepted), making it largely ineffective. On haveno, if a malicious arbiter manages to take all maker offers, they could potentially wipe out the entire order book (despite multi-sig trades). And having a security deposit doesn’t offer much protection either, since an attacker only needs to hold an amount of XMR equal to the lowest security deposit to take all maker offers. This pattern becomes clear when observing how each taker bot's balance grows by a ton (logarithmic growth) after each transaction. More here: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html

This principle has been validated both by my own analysis and confirmed by the official moderator of the Dread sub and some Reddit users.

http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42

https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3

https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwp7yhn/?context=3#mwp7yhn

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex #cex #moneroju #xmrbaazar #security #agorism #cypherphunk #rugpull