RetoSwap

RetoSwap is an independent Haveno-based marketplace built for the use case Monverse lost when LocalMonero shut down in 2024: peer-to-peer XMR↔fiat with no central custody and no KYC. Trades settle through on-chain multisig escrow rather than an operator's hot wallet, which makes it one of the highest-privacy ways to move between Monero and fiat short of meeting someone for cash.

Background. Haveno is, in effect, Monero's answer to Bisq — a decentralized P2P exchange protocol where buyers and sellers transact directly using real-world fiat payment methods, protected by multisig escrow and security deposits. RetoSwap runs its own Haveno network (its own seed nodes and arbitrators) with a desktop client, and inherits the spirit of LocalMonero — community liquidity for fiat on/off-ramps — while explicitly dropping the central-custody model that made LocalMonero a single point of seizure. It is the privacy-first answer to "I have cash/bank fiat and I want native XMR without an exchange account."

What you trust. This is the important part, because Haveno's trust model is different from a custodial swap. Each trade is locked into a 2-of-3 multisig: buyer, seller, and an arbitrator each hold a key. Normal trades complete with just buyer and seller signing; the arbitrator only steps in on a dispute. Both sides post a security deposit that disincentivizes cheating. So you are not trusting RetoSwap with custody of your funds — you are trusting (a) the multisig cryptography, (b) the honesty and availability of the network's arbitrators, and (c) the seed-node operator's integrity. The arbitrator is the critical human trust anchor: on any Haveno network, a compromised or impersonated arbitrator is the realistic threat, not the operator absconding with a hot wallet. Follow standard discipline — never release escrow early, verify you're dealing with the legitimate arbitrator, and keep all communication and evidence inside the client.

Operational specs. Desktop client (not a website you paste an address into), on-chain multisig escrow, security deposits on both sides, fiat payment methods for the fiat leg, and no KYC. Because it's genuine P2P, liquidity and spreads are worse than centralized swaps — you trade depth for the strongest privacy posture, and you may wait for a counterparty at your size and payment method. Settlement is as fast as the two humans and the payment rail allow, not instant.

Philosophy. RetoSwap is non-custodial, permissionless fiat↔XMR by design: no account, no central pool of funds to subpoena or seize, no identity attached to a trade. It carries forward the LocalMonero community-liquidity ethos into an architecture where the operator structurally *cannot* be the single point of failure that custodial P2P platforms were. That is the whole pitch, and it's an honest one.

Grade rationale. Grade A reflects the non-custodial multisig design, the genuine no-KYC fiat on/off-ramp (a scarce and valuable capability post-LocalMonero), and an independent operator filling a real gap. It sits at A rather than higher because of the inherent P2P trade-offs — thinner liquidity, a learning curve, and a trust model that rests on arbitrator honesty rather than pure cryptography.

Useful when you need to move between fiat and native Monero without an exchange account or ID, you value seizure-resistance over speed and depth, and you're comfortable running a desktop client and following multisig discipline. It's the natural home for users who relied on LocalMonero and want the same function without the custodial risk.

Caveats. P2P means you must vet counterparties and never release escrow before you've genuinely received the fiat — the deposit and arbitrator exist precisely because some counterparties try to cheat. Haveno's safety rests on arbitrator and seed-node integrity; arbitrator-impersonation is the known class of risk on Haveno-style networks, so confirm you're interacting with the legitimate network and arbitrator before committing a trade, and re-evaluate if the operator changes its arbitrator set. Liquidity can be thin at larger sizes or uncommon payment methods. As always, verify the real client download and network details from the operator's signed/canonical sources, not third-party links.