RetoSwap Halts Trading After Haveno Exploit Drains 7K XMR

RetoSwap halted trading on May 20 after the Haveno trade protocol was flagged as actively exploited, with early security-monitor estimates placing the user-fund drain at 7,000 XMR, worth about $2.7 million.
The incident began at 2:31 UTC, when Haveno lead developer woodser warned that the trade protocol was under active exploitation. Two minutes later, RetoSwap blocked the exploiter’s onion address and halted trading by setting the minimum client version to 2.0.0 through its filter feature.
The team later said:
If you have been affected by today’s incident please back up the following folder ASAP and keep it safe. It will be required for potential recovery plans:
Linux: ~/.local/share/Haveno-reto/xmr_mainnet/wallet
macOS: ~/Library/Application Support/Haveno-reto/xmr_mainnet/wallet
Windows: ~\AppData\Roaming\Haveno-reto\xmr_mainnet\wallet
You can back up manually or via the Haveno backup feature.
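A scripted version of the manual backup for Linux and macOS, as an added example that is not RetoSwap's or Haveno's own tooling. The function names, archive name and destination directory are assumptions, and the Windows path is not covered.

```shell
#!/usr/bin/env bash
# Added example: archive the Haveno-reto wallet folder named in the statement
# above into an owner-only tarball and record its SHA-256 next to it.

# Wallet paths as quoted on this page (Linux and macOS only).
default_wallet_dir() {
  case "$(uname -s)" in
    Darwin) printf '%s\n' "$HOME/Library/Application Support/Haveno-reto/xmr_mainnet/wallet" ;;
    *)      printf '%s\n' "$HOME/.local/share/Haveno-reto/xmr_mainnet/wallet" ;;
  esac
}

# Print the SHA-256 of a file with whichever tool the platform ships.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# backup_wallet SRC_DIR DEST_DIR -> prints the archive path on success.
# The body runs in a subshell so the umask change does not leak to the caller.
backup_wallet() (
  src=$1
  dest=$2
  if [ ! -d "$src" ]; then echo "wallet folder not found: $src" >&2; return 1; fi
  umask 077                      # wallet files hold key material: owner-only output
  mkdir -p "$dest" || return 1
  archive="$dest/haveno-reto-wallet-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  if [ -e "$archive" ]; then echo "refusing to overwrite $archive" >&2; return 1; fi
  tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
  # Read the archive back in full; this fails on a truncated or corrupt file.
  if ! tar -tzf "$archive" >/dev/null; then
    echo "archive failed verification: $archive" >&2
    return 1
  fi
  sha256_of "$archive" > "$archive.sha256"
  printf '%s\n' "$archive"
)

# Hypothetical entry point: ./backup.sh --run [DEST_DIR]
if [ "${1:-}" = "--run" ]; then
  backup_wallet "$(default_wallet_dir)" "${2:-$HOME/haveno-reto-backup}"
fi
```

Copy the archive and its `.sha256` file to separate storage and compare the hash after copying.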
The suspected loss was later placed at 7,000 XMR in drained user funds, based on PeckShield’s alert. That figure should be treated as an early estimate until RetoSwap, Haveno developers or another post-incident review confirms the final affected amount, recovery status and exploit path.
RetoSwap is a privacy-focused, peer-to-peer trading network powered by Tor and Haveno. It markets itself as non-custodial software, meaning users run the client locally and trade directly rather than depositing funds into a centralized exchange account. The platform supports Monero, Bitcoin, Ethereum, Litecoin, Bitcoin Cash and stablecoins across Ethereum and Tron.
Monero Network Not Shown As Compromised
The exploit should not be framed as a Monero network breach. The available details point to a Haveno trade-protocol issue affecting RetoSwap users, not a failure of Monero’s base-layer privacy or consensus system.
That distinction matters for readers because XMR remains a separate asset from the trading software used to exchange it. Monero’s privacy model hides sender clues, recipient addresses and transaction amounts by default, but a privacy-focused coin cannot protect users from every application-layer failure, client bug, dispute mechanism flaw or malicious counterparty route.
The incident also extends a wider run of user-fund and infrastructure risks across crypto. Recent wallet-security losses have shown how custody mistakes can drain funds at the user level, while RetoSwap’s case centers on trading-protocol execution and arbitration mechanics rather than seed-phrase theft.
The next disclosures need to clarify whether affected users will be reimbursed, whether the vulnerable trade flow has been patched, how the exploiter passed dispute or settlement checks, and when ordinary trading can resume. Until that review lands, the safest operational step for users is to follow the client-version block, avoid active trades and wait for a patched release or official recovery plan.
The post RetoSwap Halts Trading After Haveno Exploit Drains 7K XMR appeared first on Crypto Adventure.



