On 2026-05-20, an exploit hit Haveno-based trading software and the RetoSwap instance built on it. The funds were drained from the trade escrow layer — the multisig that Haveno uses to hold both sides of a peer-to-peer trade — not from the Monero protocol. Monero's cryptography was not broken. The ledger, ring signatures, and stealth addresses worked exactly as designed.
TL; DR: Monero was not hacked. The Haveno/RetoSwap exploit abused the platform's trade-escrow flow — the temporary multisig wallet that holds funds during a peer-to-peer trade — not Monero's underlying cryptography.
Lo que realmente pasó
The headlines asked whether Monero itself had been hacked. It wasn't. The exploit targeted Haveno's trade-coordination layer, the software that arranges peer-to-peer trades between two strangers.
Haveno trades settle through a temporary multisig wallet. During setup, the platform exchanges messages to agree on which keys control that wallet — including the arbitrator's node address used for dispute resolution. According to the incident report shared by network operators, the attacker sent forged acknowledgement messages impersonating the arbitrator, causing the software to update the arbitrator's node address to one the attacker controlled. That let the attacker influence creation of a compromised multisig wallet before funds were deposited.
Reporting from the community put the loss at an estimated 7,000 XMR, with the first malicious activity around 02:31 UTC on 2026-05-20. Those figures come from community incident threads, not a formal postmortem; treat them as provisional. At roughly the XMR price on 2026-05-20 (retrieved 2026-05-30), that was a material sum.
Haveno network operators were advised to halt trading, and the RetoSwap instance suspended operations. A fix was published as a pull request to the Haveno repository — see Haveno PR #2315 — which addresses the forged-acknowledgement path that made the attack possible.
Why this is an escrow problem, not a Monero problem
The distinction matters because the two failure modes carry very different lessons.
Monero's privacy comes from on-chain mechanics: firmas de anillo hide which input is really being spent, and direcciones furtivas hide who receives funds. None of that was touched. The coins moved through the chain normally.
What failed was the off-chain coordination that a peer-to-peer trade platform layers on top. To match two strangers and protect both sides, Haveno builds a temporary multisig escrow and routes setup messages between participants and an arbitrator. That message flow is the attack surface — and that's where the forged-acknowledgement exploit lived.
Any system that holds your funds in a shared escrow during a trade carries this category of risk. The escrow is convenient, but it is also a place where a bug in the coordination logic can put deposited funds at risk before a trade completes.
How the GhostSwap model differs
GhostSwap is not a peer-to-peer escrow platform. It is a non-custodial swap service: funds pass through and are never held in a shared multisig waiting on a counterparty.
| Propiedad | Peer-to-peer escrow trade | Intercambio de fantasmas |
|---|---|---|
| contraparte | Another user, matched by the platform | No counterparty matching; you swap against aggregated liquidity |
| Funds during the trade | Held in a temporary multisig escrow | Pass through; never held |
| Cuenta / KYC | Varía según la plataforma | No account, no email, no KYC for swaps |
| Precios | Set per-trade between peers | Floating-rate pricing from aggregated liquidity |
GhostSwap supports 1,600+ pairs spanning 200+ assets, with median swap completion around 8 minutes and most swaps finishing within 30 minutes (varies by chain congestion). You supply a receiving address and a refund address; funds pass through non-custodially and are never held by GhostSwap.
This does not make any swap risk-free. It removes one specific category — the shared-escrow trade-coordination surface that the Haveno exploit abused — because there is no shared escrow holding your coins mid-trade.
How to swap XMR without a peer-to-peer escrow
If you were using a Haveno-based platform and want a route that doesn't park your funds in a trade escrow, a non-custodial swap is straightforward:
- Pick your pair — open the pair page for the swap you want, for example BTC a XMR, and review the floating-rate quote.
- Supply your addresses — enter your receiving address and a refund address. No account, no email, no identity verification is required to swap.
- Send and wait — send the input asset to the address shown. Funds pass through non-custodially; median completion is around 8 minutes.
The live swap widget is on the Página de inicio de GhostSwap. For more on getting from fiat into crypto first, see como comprar cripto.
Preguntas Frecuentes
Q: Was Monero hacked in the Haveno/RetoSwap exploit?
A: No. The exploit abused Haveno's trade-escrow coordination layer — the temporary multisig and its setup messages — not Monero's protocol. Ring signatures, stealth addresses, and the ledger functioned normally.
Q: How did the attacker drain funds?
A: According to the operator incident report, the attacker sent forged acknowledgement messages impersonating the arbitrator, causing the software to point at an attacker-controlled node address and influence creation of a compromised multisig before funds were deposited. The fix is in Haveno PR #2315.
Q: Does a non-custodial swap remove this risk entirely?
A: It removes the shared-escrow trade-coordination surface, because your funds aren't held in a multisig waiting on a counterparty. It does not make swapping risk-free — always verify the address you send to and the network you're using.
Q: Do I need an account to swap on GhostSwap?
A: No. There's no sign-up, no email, and no identity verification required to swap. You supply a receiving address and a refund address; funds pass through non-custodially and are never held by GhostSwap.
Swap without a shared escrow
If the Haveno incident made you rethink where your funds sit during a trade, a non-custodial pass-through swap is one option that keeps your coins out of a shared multisig. Review a BTC a XMR quote or open the Página de inicio de GhostSwap to see live rates.
GhostSwap is not a registered financial service, and no swap service is immune to risk.
