RetoSwap DEX Hacked. $2.7M Drained: How to Save Monero XMR Now

On 20th May 2026, RetoSwap, a P2P multisig DEX specializing in Monero trading, reported that the Haveno trade protocol had been hacked. According to the exchange's X account, about 7,000 XMR ($2.7M) in user funds were drained.
The team also stated that RetoSwap itself had not been compromised.

How P2P Transactions Work
Haveno is a decentralized P2P exchange. There is no centralized custodian, so the security of a transaction between a seller and a buyer is ensured by a decentralized escrow based on a 2-of-3 multisig wallet.
To create this kind of wallet, you need the public keys of three parties: the buyer, the seller, and an arbitrator (an independent node that the protocol picks automatically). To withdraw coins from the wallet, any two of the three participants must sign the transaction.
The arbitrator steps in only when a dispute arises, reviews the evidence, and rules in favor of either the buyer or the seller.
What Happened with RetoSwap
As woodser, the main Haveno developer, explained, "Here's how the exploit worked: when the attacker took a trade, they sent a fake, out-of-order ACK message impersonating the arbitrator, causing the software to update the arbitrator's node address to their own, allowing them to create a compromised multisig wallet before funds were deposited".
When the hacker, acting as the seller, filled the order (took a trade), the hacker's client and the victim's client began exchanging protocol messages to generate a multisig address.
How Exactly the Hacker Bypassed the Protection: Technical Details
The hacker sent an ACK (acknowledgment) message earlier than the protocol expects it and disguised it to appear to have come from the arbitrator node assigned to the trade.
Validation then failed: due to a bug in the Haveno code, the victim's client did not verify the message's cryptographic signature and accepted it at face value.
Upon receiving this fake ACK, the victim's software overwrote the assigned arbitrator's node address in memory with the hacker's node address.
The victim's client then began collecting public keys to create the 2-of-3 multisig address. It took its own key, took the seller's (hacker's) key, and requested a key from the "arbitrator." But since the arbitrator's address had already been overwritten, that request was routed to the hacker's second node.
The hacker obtained 2 out of 3 wallet keys even before the funds were deposited there.
As soon as the victim transferred their Monero (XMR) to the generated multisig address, believing the transaction was secure, the hacker instantly signed it with their two keys (seller + arbitrator) and transferred all the XMR to their personal wallet. The protocol considered this transaction completely legitimate, since the 2/3 quorum had been met.
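The following simulation is an added example, not Haveno's code or anything from the RetoSwap team; it models the message-handling flaw described above and the checks that close it. Node names, the per-node HMAC secrets (a stand-in for real signing keys so the example runs offline with only the standard library), the trade phases, and the multisig key directory are all constructed for illustration. It shows a victim client that accepts an ACK without checking its origin, signature or position in the protocol, and so fetches the "arbitrator" key from the attacker's second node, beside a hardened handler that only accepts an in-order ACK verified under the key of the arbitrator assigned at trade start.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed node identities. In the real protocol each node holds a signing
# keypair; here an HMAC secret per node stands in for it (example only).
NODE_SECRETS = {
    "arbitrator.example": b"arbitrator-secret",
    "seller.example": b"seller-secret",                # attacker's trading node
    "attacker-fake-arb.example": b"attacker-secret",   # attacker's second node
}

# Constructed directory: the multisig key each node hands out when asked for
# its share of the 2-of-3 wallet.
MULTISIG_KEYS = {
    "buyer-wallet": "BUYER_KEY",
    "arbitrator.example": "ARBITRATOR_KEY",
    "seller.example": "ATTACKER_KEY_1",
    "attacker-fake-arb.example": "ATTACKER_KEY_2",
}
ATTACKER_KEYS = {"ATTACKER_KEY_1", "ATTACKER_KEY_2"}


def canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()


def sign(node: str, body: dict) -> str:
    """Produce a message tag as `node` (stand-in for a digital signature)."""
    return hmac.new(NODE_SECRETS[node], canonical(body), hashlib.sha256).hexdigest()


@dataclass
class TradeState:
    trade_id: str
    arbitrator_address: str   # assigned by the protocol when the trade starts
    phase: str = "INIT"       # INIT -> DEPOSIT_REQUESTED -> ACKED


def handle_ack_vulnerable(trade: TradeState, msg: dict) -> bool:
    """Models the flaw: the ACK is accepted whenever it arrives, its signature is
    never checked, and the claimed sender address overwrites the arbitrator."""
    trade.arbitrator_address = msg["sender_address"]
    trade.phase = "ACKED"
    return True


def handle_ack_hardened(trade: TradeState, msg: dict) -> bool:
    """Accept the ACK only if it is in order, claims to come from the assigned
    arbitrator, and verifies under THAT arbitrator's key. Message contents
    never update the arbitrator address."""
    if trade.phase != "DEPOSIT_REQUESTED":
        return False                                   # out-of-order message
    if msg["body"].get("trade_id") != trade.trade_id:
        return False                                   # replay from another trade
    if msg["sender_address"] != trade.arbitrator_address:
        return False                                   # impersonation attempt
    expected = sign(trade.arbitrator_address, msg["body"])
    if not hmac.compare_digest(expected, msg["signature"]):
        return False                                   # signature does not verify
    trade.phase = "ACKED"
    return True


def collect_multisig_keys(trade: TradeState, seller_address: str) -> set:
    """The victim gathers the three keys; the arbitrator key is fetched from
    whatever address the trade state currently holds."""
    return {
        MULTISIG_KEYS["buyer-wallet"],
        MULTISIG_KEYS[seller_address],
        MULTISIG_KEYS[trade.arbitrator_address],
    }


def simulate(handler) -> dict:
    """Run the forged-ACK scenario against a handler and report the outcome."""
    trade = TradeState(trade_id="T1", arbitrator_address="arbitrator.example")
    # The ACK arrives while the trade is still in INIT, i.e. out of order,
    # tagged with the attacker's own key rather than the arbitrator's.
    body = {"trade_id": "T1", "type": "ACK"}
    forged = {
        "sender_address": "attacker-fake-arb.example",
        "body": body,
        "signature": sign("attacker-fake-arb.example", body),
    }
    accepted = handler(trade, forged)
    keys = collect_multisig_keys(trade, "seller.example")
    return {
        "ack_accepted": accepted,
        "arbitrator_address": trade.arbitrator_address,
        "attacker_holds_quorum": len(keys & ATTACKER_KEYS) >= 2,
    }


def simulate_legitimate_ack() -> bool:
    """Sanity check: the hardened handler still accepts a genuine, in-order ACK."""
    trade = TradeState("T2", "arbitrator.example", phase="DEPOSIT_REQUESTED")
    body = {"trade_id": "T2", "type": "ACK"}
    msg = {"sender_address": "arbitrator.example", "body": body,
           "signature": sign("arbitrator.example", body)}
    return handle_ack_hardened(trade, msg)


if __name__ == "__main__":
    print("vulnerable:", simulate(handle_ack_vulnerable))
    print("hardened:  ", simulate(handle_ack_hardened))
```

The decisive line in the hardened handler is that the signature is checked against the key bound to the arbitrator address recorded when the trade was created, not against any key or address carried in the message itself; a client that verified a signature but looked up the key from the message's own claimed sender would be fooled just as badly. The phase check is the second independent guard: an ACK that arrives before the protocol step it acknowledges is discarded regardless of who signed it.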
Another Way to Safely Trade and Store Monero (XMR)
Monero is unique, but controversial. It offers strong privacy by default, but it is also plagued by scams and shady deals.
Then there is the pain of Monero's long, multi-step sync process: you are literally paying for privacy with your time. Syncing your wallet can be painfully slow, sometimes taking hours or even days just to get your balance up to date.
Coin Wallet for Monero: No-Sync Method
If you don't want to deal with custom nodes and P2P exchanges after this news, you might consider self-custodial solutions like Coin Wallet. First, your keys are stored solely with you.
Second, Coin Wallet has addressed the sync problem with a no-sync method: a remote node only broadcasts outgoing transactions. You will have to manually enter the transaction hash to confirm incoming transactions (the wallet doesn't see them by itself). It takes a couple of seconds, but you don't have to download gigabytes of blockchain data, and your keys remain yours alone.
You can check how it works in detail in our comprehensive guide.
Just remember: self-custody means full responsibility. Keep your seed phrase safe, download Coin Wallet, and keep your assets under your own control.