-
@ openmonero
2025-06-12 15:51:03
NOTE: The haveno arbitrators could rug the whole orderbook (2,000,000 USD) despite multi-sig trades.
Additionally, since offers on openmonero.com don’t require any pre-funding, the potential damage remains quite limited (similar to a single McDonald's salary). A quick note: multi-signature setups typically require JavaScript, and possibly Java, which limits scalability and compatibility, especially with browsers like Tor.
Moreover, multi-sig only secures about 1% of the total liquidity (trades in escrow or accepted), making it largely ineffective. On haveno, if a malicious arbiter manages to take all maker offers, they could potentially wipe out the entire order book (despite multi-sig trades). And having a security deposit doesn’t offer much protection either, since an attacker only needs to hold an amount of XMR equal to the lowest security deposit to take all maker offers. This pattern becomes clear when observing how each taker bot balance grows by a ton (logarithmic growth) after each transaction. More here: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html
This principle has been validated both by my own analysis and confirmed by the official moderator of the dread sub and some reddit users.
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42
https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3
https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwp7yhn/?context=3#mwp7yhn