Active incidents affecting directory listings — hacks, exploits, outages, regulatory actions. Sorted newest first. Grade is decided by long-term posture; this page tracks point-in-time signals.
JSON twin: /api/v1/incidents
Protocol-level exploit using fake arbitrator-ACK messages — approximately 7,000 XMR (~$2.7M) lost from active offers across Haveno operators. Lead developer woodser advised halting all trades network-wide pending a protocol patch.
Curator's advice: Don't open new offers on any Haveno operator (Reto, Mainnet, etc.) until the patch ships and your client reports a min-version bump. If you have outstanding offers, back up your wallet and follow your operator's advisory.
Affected as a Haveno operator by the protocol-level fake-arbitrator-ACK exploit. RetoSwap's own infrastructure was NOT breached; they banned the attacker's onion address and enforced a minimum client version to pause trading.
Curator's advice: Same as the Haveno protocol advisory — don't open new trades until the patched client ships. Existing balances are safe; offers in flight are at risk.
TSS-key cryptography flaw exploited — approximately $10.8M drained from POL vaults across BTC/ETH/BNB/Base. Trading + signing paused by the protocol.
Curator's advice: Don't open new trades until THORChain unpauses. XMR pool may resume earlier than EVM legs — confirm pool status on /thorchain or the protocol's own dashboard before swapping.