Decentralized Bitcoin exchange Bisq has revealed that approximately 11 BTC was stolen following a security breach announced at the beginning of May 2026. Known for its privacy-focused approach, the platform facilitates peer-to-peer trades among users with no centralized intermediaries. In the latest incident, the exchange’s version 1 trade protocol was exploited, allowing attackers to withdraw Bitcoin from open offers.
Details of the breach and initial findings
In an initial statement released last Friday, Bisq indicated that an exploit had been identified which enabled an attacker to withdraw funds from some open offers. An update on May 3 confirmed that around 11 BTC had been stolen. Only altcoin trades were affected by the incident, and the final figure may change as more users report their losses to the system.
Bisq suggested the exploit was likely carried out using AI-enhanced techniques, but did not disclose specific details about the role artificial intelligence played in the breach. Research published by Binance in 2026 highlighted that AI-driven attacks were found to be twice as effective at identifying smart contract vulnerabilities, and the cost of such attacks had dropped by approximately 22 percent every two months.
The project update noted, “We are clearly facing a rising trend of AI-powered attacks, and we believe AI played a role in this case as well.”
Additionally, it was reported that AI-boosted scam methods attract about 4.5 times more funds compared to traditional techniques, while cases of identity impersonation have surged by 1400 percent year-on-year.
Refund plan and user process
Bisq developer Henrik Jannsen shared on GitHub that work is underway on a comprehensive compensation plan to fully cover losses and minimize user disruption. Users seeking restitution for their crypto assets are first required to submit an arbitration request via the Bisq protocol. The window for altcoin trades is set at 10 days, and for fiat trades, 20 days. Arbitration proceedings can commence once these periods expire.
Implementation of the refund proposal will require a vote on Bisq DAO, with the voting cycle expected to conclude around May 25. During this period, users can choose to receive compensation in either Bitcoin or Bisq’s native governance token, BSQ.
According to a statement from Henrik Jannsen, “Our aim is to reimburse users as soon as possible in Bitcoin, with BSQ as an alternative for those who prefer it. This is to help avoid further losses from price volatility.”
Nevertheless, some users have voiced concerns on X about receiving compensation in BSQ. One user pointed out that having to collectively convert BSQ to BTC could cause users to incur losses. Another user raised questions about the potential length of the compensation process.
New approaches to AI-driven attacks
The incident underscores the security vulnerabilities posed by artificial intelligence in the decentralized finance (DeFi) sector. In a recent test by a16z crypto, new-generation AI coders achieved up to a 70 percent success rate in detecting past price manipulation cases on Ethereum. The research suggests that as attackers increasingly leverage AI, the need for updated security measures becomes more pressing.
For Bisq specifically, users’ next steps begin with the arbitration window opening from May 11. The process for resolution is expected to wrap up by early June, while the DAO vote on May 25 stands out as the other major milestone.
