openmonero shouldn't even exist. People are supposed to be using retoswap.

trocador and all the services connected to it ideally shouldn't exist either but the atomic swaps aren't really finished yet

Discussion

This. It was quite apparent that either something like this would happen or that LE would have it shut down. So I'm not surprised at all.

You may find this surprising, but just two days after the hack, I successfully open sourced the first decentralized peer-to-peer platform fully operational on NOSTR. This new repository represents the pioneering P2P Monero exchange featuring a decentralized reputation system and a federated order book. It incorporates all the functionalities typically found on openmonero.com, excluding self-destructing messages. Importantly, anyone can run their own instance, as the backend code is entirely open-source. The implementation is straightforward to audit, lightweight (only 4,500 lines of code) and genuinely decentralized, leveraging an open protocol like NOSTR that requires no additional software.

Frontend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex

Backend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex-api

Demo: http://ek72x7tysgkrr754ce4np4e6ce5rtwtxphxibzmesnsbuyco5onlc5id.onion/

Regarding the recent security incident, there is no evidence to suggest that openmonero.com has been completely compromised. Only funds have been stolen; trade chats and MongoDB are hosted on separate servers from the monero-wallet-rpc, indicating that the core infrastructure remains intact.

The primary objective is not to achieve absolute prevention of hacks, since no system can be 100% secure, but to minimize potential damage from the outset, similar to the principles of Qubes OS. This incident demonstrates that openmonero.com remains one of the most secure platforms available, capable of handling significant volume while maintaining minimal funds at risk, thus limiting potential losses in the event of a breach.

To date, approximately USD 20,000 worth of user funds have been stolen, along with USD 3,000 in arbiter funds, despite a monthly trading volume approaching half a million dollars. Had I employed a setup similar to Haveno, I estimate that losses could have exceeded USD 2 million, making recovery efforts challenging.

#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex #cex #moneroju #xmrbaazar #security #agorism #cypherphunk #bitcoin #btc #decentralized #nostr

NOTE: The Haveno arbitrators could rug the whole orderbook (2,000,000 USD) despite multi-sig trades.

Additionally, since offers on openmonero.com don’t require any pre-funding, the potential damage remains quite limited (similar to a single McDonald's salary). A quick note: multi-signature setups typically require JavaScript, and possibly Java, which limits scalability and compatibility, especially with browsers like Tor.

Moreover, multi-sig only secures about 1% of the total liquidity (trades in escrow or accepted), making it largely ineffective. On Haveno, if a malicious arbiter manages to take all maker offers, they could potentially wipe out the entire order book (despite multi-sig trades). And having a security deposit doesn’t offer much protection either, since an attacker only needs to hold an amount of XMR equal to the lowest security deposit to take all maker offers. This pattern becomes clear when observing how each taker bot balance grows by a ton (logarithmic growth) after each transaction. More here: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html

This principle has been both validated by my own analysis and confirmed by the official moderator of the Dread sub and some Reddit users.

http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42

https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3

https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwp7yhn/?context=3#mwp7yhn