xmr.club

Active incidents

Hacks, exploits, regulatory pauses and operator-flagged events across listed services. Incident state is point-in-time; the grade is long-term posture. The two coexist: an A-grade provider can be in incident mode.

16 active
6 critical / high
8 medium
1 low
  1. ⚠ Critical C xmr.gg /wagering 2026-07-04 2d ago

    Operator announced full shutdown on 2026-07-06. Betting already disabled. Withdraw any remaining XMR balance immediately — after the shutdown date the site will be gone and funds will not be recoverable.

    recorded by the curator · no public source yet · full entry →
  2. ⚠ Critical D OpenMonero /exchanges 2026-06-08 28d ago

    Server compromise on 2026-06-08: an attacker gained root access (local privilege escalation) to OpenMonero's main server and stole ~200 XMR. The operator stated all funds are gone. This is a repeat event — "hacked again" — not a first-time breach.

    Curator's advice

    Do not deposit or hold funds on OpenMonero. Withdraw anything still accessible and avoid the platform until a full public post-mortem, infrastructure rebuild, and independent audit. A recurring server compromise with total fund loss is a critical custody failure. Update (2026-06-11): the operator has not publicly confirmed the 06-08 incident; some community members claim it may be a negative-trade-amount input-handling bug rather than a breach, others call it a rug — unverified either way. Given the repeat pattern and operator silence, treat funds as at-risk until OpenMonero publishes a verifiable post-mortem.

  3. ⚠ High C AzireVPN /vpns 2026-07-02 4d ago

    Operator change verified — AzireVPN's `/about` page now reads: "AzireVPN is owned by Malwarebytes, a global leader in real-time cyber protection, based in Santa Clara, CA, US." That is a material trust-story shift for a service originally listed as a Sweden-based independent no-logs VPN. Simultaneously, the `/pricing` page no longer lists Monero (or Bitcoin) as a payment method — XMR has been dropped. The no-logs claim was substantively part of the original Grade-A rationale; under Malwarebytes ownership it requires re-verification via an audit specifically conducted after the ownership change.

    Curator's advice

    Grade downgraded A → C on 2026-07-02. Existing customers should treat the no-logs claim as under-review, not confirmed. Users specifically avoiding US-jurisdiction VPN providers (CLOUD Act, subpoena, national-security-letter regime) should rotate to a peer VPN with disclosed ownership outside the US. Path back to B requires XMR reinstated + published post-acquisition no-logs audit. Path back to A additionally requires verifiable operational independence from Malwarebytes's US legal exposure.

  4. ⚠ High B EigenWallet /wallets 2026-05-25 1mo ago

    Maintainers advised market-makers (eigenwallet-makers Matrix) to shut down their ASB (Atomic Swap Backend) on 2026-05-25 due to an actively-exploitable vulnerability. A 2026-05-29 developer correction states the impact is worse than first reported: a malicious swap can net the attacker the full XMR while the maker recovers only ~10% of their BTC. Mitigation has since shipped — v4.7.9 (2026-05-29) makes the ASB refuse cooperative XMR-redeem requests when the BTC received is <75% of the BTC sent into the swap; the latest release is 4.7.10 (2026-06-02). Still no public CVE or formal post-mortem.

    Curator's advice

    Don't run an ASB / market-maker right now. Taker-side swaps may still be possible against makers who are online, but trade volume has dried up while operators wait for the patch. We'll update this entry the moment a fixed release ships or the maintainers publish a post-mortem. Track github.com/eigenwallet/core/releases and the Matrix room linked from eigenwallet.org.

  5. ⚠ High A THORChain /exchanges 2026-05-11 2mo ago

    GG20/TSS-key cryptography flaw exploited 2026-05-11 — ~$10.7M drained from a POL vault. Trading RESUMED 2026-06-23 on non-XMR chains (BTC/ETH/SOL/TRON/XRP/etc.) after ~6 weeks offline; the Monero leg is still pending — XMR.XMR is not yet on mainnet pools (operator: "XMR soon"). ADR-028 was approved and implemented: the loss is absorbed by protocol-owned liquidity via a store migration — there is NO user refund, airdrop, or compensation program (the operator states this explicitly; the earlier 2026-06-04 'refund portal' deadline lapsed and was superseded by POL absorption). v3.18.1 patched the flaw; the v3.19 restart release entered stagenet in early June, with a full churn to fresh vaults and Monero prioritized in the DEX queue, and full trading/LP targeted ~1 week after mainnet adoption. The TSS library was temporarily closed-sourced for a Soda Labs cryptographic audit (~2-4 weeks). Restart in progress, not yet complete (as of 2026-06-04).

    Curator's advice

    Don't open new trades until THORChain unpauses (still paused as of 2026-05-27). If you held funds at the time of the exploit, file via the refund portal before 2026-06-04 — protocol absorbs losses via Protocol-Owned Liquidity first. Beware of phishing impersonator refund portals — only use the link from thorchain.org. XMR pool may resume earlier than EVM legs; confirm pool status on /thorchain or the protocol dashboard. Update (2026-06-11): Incident Update #6 — v3.19.0 deployed (TSS patches + ADR-028 loss-recovery + compromised-vault quarantine), 11-step restart underway; trading still paused as of 06-10. No refund/compensation program (ADR-028 POL absorption only). Recovery progressing, not worsening.

  6. ⚠ High A Bisq (classic) /exchanges 2026-05-01 2mo ago

    v1 trade protocol exploit — missing validation on negative network-fee values let an attacker drain ~11.59 BTC from active/open offers. Bisq halted trading via emergency version flag until patched in v1.9.x+. As of 2026-05-25: DAO compensation vote scheduled (reimbursement in BTC or BSQ from DAO reserves under discussion).

    Curator's advice

    Update to the patched Bisq v1.9.x+ before trading. Bisq Easy (Bisq 2) is the safer current path. Verify signed releases before running. Affected users: a Bisq DAO compensation vote is in progress as of 2026-05-25 — monitor official Bisq channels for the vote outcome.

  7. ⚠ Medium A- Njalla Domains /email 2026-06-14 22d ago

    In Q4 2024 Njalla silently relocated from Nevis (1337 Services LLC) to Costa Rica (njalla.srl) with no customer announcement. Costa Rica's RTBF registry makes UBO information shareable to government entities and foreign court orders are more enforceable than in Nevis — a weakening of the offshore offsets that defined Njalla's privacy posture. Founder brokep's public profiles (Mastodon, Bluesky, X) went dormant in the same window. Njalla support's response to user inquiries has been take-it-or-leave-it. No malicious behaviour or domain seizure is documented in the cited source; the issue is opacity + a quietly weaker threat-model offset.

    Curator's advice

    Existing pseudonymous domains paid via untraceable methods appear unaffected at the time of writing. Reconsider Njalla for new high-risk registrations (politically sensitive, pirate-adjacent, abuse-attractor content); the jurisdictional offset is now thinner than the marketing implies.

  8. ⚠ Medium A- Njalla VPS /hosting 2026-06-14 22d ago

    In Q4 2024 Njalla silently relocated from Nevis (1337 Services LLC) to Costa Rica (njalla.srl) with no customer announcement. Costa Rica's RTBF registry makes UBO information shareable to government entities and foreign court orders are more enforceable than in Nevis — a weakening of the offshore offsets that defined Njalla's privacy posture. Founder brokep's public profiles (Mastodon, Bluesky, X) went dormant in the same window. Njalla support's response to user inquiries has been take-it-or-leave-it. No malicious behaviour or domain seizure is documented in the cited source; the issue is opacity + a quietly weaker threat-model offset.

    Curator's advice

    Existing pseudonymous domains paid via untraceable methods appear unaffected at the time of writing. Reconsider Njalla for new high-risk registrations (politically sensitive, pirate-adjacent, abuse-attractor content); the jurisdictional offset is now thinner than the marketing implies.

  9. ⚠ Medium B- Njalla VPN /vpns 2026-06-14 22d ago

    In Q4 2024 Njalla silently relocated from Nevis (1337 Services LLC) to Costa Rica (njalla.srl) with no customer announcement. Costa Rica's RTBF registry makes UBO information shareable to government entities and foreign court orders are more enforceable than in Nevis — a weakening of the offshore offsets that defined Njalla's privacy posture. Founder brokep's public profiles (Mastodon, Bluesky, X) went dormant in the same window. Njalla support's response to user inquiries has been take-it-or-leave-it. No malicious behaviour or domain seizure is documented in the cited source; the issue is opacity + a quietly weaker threat-model offset.

    Curator's advice

    Existing pseudonymous domains paid via untraceable methods appear unaffected at the time of writing. Reconsider Njalla for new high-risk registrations (politically sensitive, pirate-adjacent, abuse-attractor content); the jurisdictional offset is now thinner than the marketing implies.

  10. ⚠ Medium B- FixedFloat /exchanges 2026-06-08 28d ago

    AML freeze on a routed 3000 TRX → BTC order (2026-05-16). Post-incident chain analysis confirmed that the deposit had direct exposure to known laundering channels and indirect hops to sanctioned entities: the freeze was AML-justified, not a random shotgun-KYC pattern. FixedFloat does not offer refund-to-source on flagged inputs; recovery requires a KYC dispute. Editorial conclusion: the case illustrates a B-grade recovery path; A-grade providers in our catalogue offer refund-to-source on the same AML flag without requiring KYC.

    Curator's advice

    Inputs with any chain-analysis red flags will most likely be frozen on FixedFloat. If you can verify that your inputs are clean, FF works normally. If your inputs touched mixers, DNM-adjacent addresses or hops to sanctioned entities (even indirectly), route through A-grade providers (SageSwap, StealthEX, Exolix); they offer refund-to-source without KYC.

  11. ⚠ Medium B- Wagyu /exchanges 2026-05-30 1mo ago

    Operator alignment check: Wagyu's founder (@PerpetualCow) publicly identifies as a hype-aligned operator who uses XMR as a tool, not a privacy-aligned operator with a Monero mission. His X bio: "$HYPE maximalist. not loud about it, just patient. Contributing to @HyperliquidX and XMR through Wagyu.xyz." In a post dated 2026-05-29: "Aside from $HYPE there's nothing worth owning in crypto anymore. As sad as it is." That includes Monero, and it was said by the founder of a Monero swap. An adjacent project ($COW on Fwog.fun) was abandoned through missed deadlines, after-the-fact denial of leadership, and deletion of the Telegram community on 2026-05-18. The Wagyu swap continues to operate (~$320M cumulative / ~$30M per month); the April DPRK incident is listed separately.

    Curator's advice

    Use the swap if you need to (the volume confirms it works), but do not leave a balance and do not trade in sizes larger than you are prepared to lose if the operator walks away. Grade B → B- (2026-05-30): structural misalignment. What happens next depends on Wagyu's stress events.

  12. ⚠ Medium A- Exolix /exchanges 2026-05-28 1mo ago

    Partner-API broken-access-control disclosed by RasterSec on 2026-05-28. JWT keys embedded in public partner repos + Android APKs allowed anyone to dump all partner swap records — ~355,944 swaps / $39.5M of metadata (addresses, tx hashes, timestamps, user IDs) from Jan 2025 → May 2026. Affected partners: Edge, Exodus, Monerujo, BTCPay Server, Temple Wallet, EGToken.io. Exolix patched via WAF rules (not by fixing the underlying access control) and initially characterized the issue as "a feature." Past user swap trails are permanently exposed; new swaps unaffected.

    Curator's advice

    If you swapped via Exolix or any of the affected partner integrations between Jan 2025 and May 2026, assume your deposit + withdrawal addresses are now in third-party datasets (searchable, downloadable, immutable). For NEW swaps, Exolix still works as advertised — the WAF fix prevents further dumps. But weigh the operator's initial "feature" framing before routing sensitive flows; A-grade peers (SageSwap, StealthEX) had no such disclosure.

  13. ⚠ Medium B- Wagyu /exchanges 2026-04-22 3mo ago

    Operator alignment check: Wagyu's founder (@PerpetualCow) publicly identifies as a hype-aligned operator who uses XMR as a tool, not a privacy-aligned operator with a Monero mission. His X bio: "$HYPE maximalist. not loud about it, just patient. Contributing to @HyperliquidX and XMR through Wagyu.xyz." In a post dated 2026-05-29: "Aside from $HYPE there's nothing worth owning in crypto anymore. As sad as it is." That includes Monero, and it was said by the founder of a Monero swap. An adjacent project ($COW on Fwog.fun) was abandoned through missed deadlines, after-the-fact denial of leadership, and deletion of the Telegram community on 2026-05-18. The Wagyu swap continues to operate (~$320M cumulative / ~$30M per month); the April DPRK incident is listed separately.

    Curator's advice

    Use the swap if you need to (the volume confirms it works), but do not leave a balance and do not trade in sizes larger than you are prepared to lose if the operator walks away. Grade B → B- (2026-05-30): structural misalignment. What happens next depends on Wagyu's stress events.

  14. ⚠ Medium B BuyVM /hosting 2025-01-08 1.5y ago

    Two verified changes on the trust-story axis since the initial B-listing: (1) BuyVM was acquired by Cloudzy in January 2025 — founder Francisco stayed on and told the community at the time there would be "no change in pricing… no reduction in resources… no downgrades in hardware." (2) In May 2026, BuyVM announced its first-ever price adjustment, effective 2026-07-01, of roughly 15-25% across all KVM Slice plans (e.g. 4 GB slice $15→$17 for existing customers, $20 for new). The operator's stated reason is >15% upstream DC and bandwidth increases over the preceding six months. The pricing move breaks the letter of the acquisition-time promise, though the reasoning is disclosed publicly.

    Curator's advice

    Grade held at B — the operator's transparency in explaining the price adjustment plus the fact that post-hike pricing stays competitive with the peer set keeps this above C. The "independent VPS" framing has been dropped from the tagline. Existing customers on affected plans should expect the new pricing on their next renewal on/after 2026-07-01. Path to A now requires: three years of clean operation under Cloudzy ownership without a second broken commitment, plus a peer-directory listing corroborating the current trust story.

  15. ⚠ Low C SplitNOW /exchanges 2026-05-23 1mo ago

    Hidden 3.06% swap spread + 141% withdrawal-fee markup above network cost found in live audit (0.2 XMR test). Support admitted partner-side slippage on small orders and offered manual refund.

    Curator's advice

    Use only if you tolerate ~3–6% effective fee for the multi-wallet split convenience. Quote-vs-fill gap is not surfaced before deposit.

    recorded by the curator · no public source yet · full entry →
  16. ⚠ warning B xmr.bar /wagering 2026-07-04 2d ago

    The public 'Recent Bets' feed on xmr.bar shows entries dated 10-11 weeks ago as of 2026-07-04 (external observation by @exitnode_). Site is online, betting endpoints reachable, but the on-page activity metric appears frozen since ~April 2026. Could be a backend/data event (widget wiped or disconnected from live data), or a genuine decline in traffic. Neither the operator nor the site has publicly explained. Interpret as an information-worthy signal, not a shutdown.

    recorded by the curator · no public source yet · full entry →
Resolved history · 3 past incidents, kept on record
  1. ✓ Resolved A- Haveno /exchanges 2026-06-17 → 2026-06-24 resolved 12d ago

    Second distinct trade-protocol exploit in under 30 days, hitting Haveno operators including RetoSwap. Per the official RetoSwap PSA (2026-06-17), an exploit report was received at 18:02 UTC; the RetoSwap team responded by setting the minimum client version to 2.0.0 via the filter feature and banning the attacker's onion. **The May 2026 attack** worked by substituting the legitimate arbitrator's onion with the attacker's own (fake-arbitrator-ACK vector against the arbitrator-selection step). **The June 2026 attack is mechanistically distinct**: the arbitrator stays legitimate, but the attacker abuses the forced-arbitration flow itself — taking buy offers, forcing arbitration through a real arbitrator, and getting XMR released after 30 confirmations without ever sending BTC. Two legitimate Reto arbitrators are on record (`…6wi2znkfhbowtv2xxkbx63simfj3bqd.onion`, `…sriix3v2akgrzd4k5tvoqqvsfzxb6yd.onion`) — both involved in the current attack as honest counterparties, not as compromised infrastructure. Attacker buyer onion (banned, with port): `…e6wyrtdczsrhtves2jofi2qpad.onion:9999`. Scope per RetoSwap: damage appears contained to large-scale crypto offers; fiat traders unaffected. Trading halted network-wide while the protocol gap is addressed.

  2. ✓ Resolved A RetoSwap /exchanges 2026-06-17 → 2026-06-24 resolved 12d ago

    ACTIVE — second Haveno-protocol exploit hitting RetoSwap inside 30 days, **mechanistically distinct from the May 2026 attack**. Per RetoSwap's official PSA (2026-06-17): the team received the exploit report at 18:02 UTC, halted trading by setting the minimum client version to 2.0.0 via the filter feature, and banned the attacker's onion. **May attack:** arbitrator-substitution / fake-arbitrator-ACK against the selection step. **June attack:** the arbitrator stays legitimate, but the attacker abuses the forced-arbitration flow itself — take buy offers → force arbitration through a real arbitrator → XMR releases after 30 confirmations even though no BTC was ever sent. Two legitimate Reto arbitrators on record (`…6wi2znkfhbowtv2xxkbx63simfj3bqd.onion`, `…sriix3v2akgrzd4k5tvoqqvsfzxb6yd.onion`) — both honest counterparties, not compromised infrastructure. Attacker buyer onion (banned, with port): `…e6wyrtdczsrhtves2jofi2qpad.onion:9999`. Scope per RetoSwap: damage appears contained to large-scale crypto offers; **fiat-flow traders unaffected**. The RetoSwap team is **not compromised** — the protocol flaw is at the Haveno layer.

  3. ✓ Resolved A- 1984.is /hosting 2026-06-07 → 2026-06-08 resolved 28d ago

    1984.is auto-suspended XmrBazaar (a legal Monero marketplace it hosted) without notice after weaponized DMCA/abuse complaints — part of a pattern that also took down Hack Liberty, a 4+ year customer, in March 2026. XmrBazaar was restored after public pushback.

How to read the levels

Incident ≠ grade. A provider can keep an A while in incident mode. See the methodology.