You may find this surprising, but just two days after the hack, I successfully open sourced the first decentralized peer-to-peer platform fully operational on NOSTR. This new repository represents the pioneering P2P Monero exchange featuring a decentralized reputation system and a federated order book. It incorporates all the functionalities typically found on openmonero.com, excluding self-destructing messages. Importantly, anyone can run their own instance, as the backend code is entirely open-source. The implementation is straightforward to audit, lightweight (only 4,500 lines of code) and genuinely decentralized, leveraging an open protocol like NOSTR that requires no additional software.

Frontend: httphttps://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqdgit.onionopenmonero.co/om/openmonero-dex" class="ul" rel="ugc">httphttps://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqdgit.onionopenmonero.co/om/openmonero-dex
Backend: httphttps://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqdgit.onionopenmonero.co/om/openmonero-dex-api" class="ul" rel="ugc">httphttps://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqdgit.onionopenmonero.co/om/openmonero-dex-api

The primary objective is not to achieve absolute prevention of hacks, since no system can be 100% secure, but to minimize potential damage from the outset, similar to the principles of Qubes OS. This incident demonstrates that openmonero.com remains one of the most secure platforms available, capable of handling significant volume while maintaining minimal funds at risk, thus limiting potential losses in the event of a breach.

To date, approximately USD 20,000 worth of user funds have been stolen, along with USD 3,000 in arbiter funds, despite a monthly trading volume approaching half a million dollars. Had I employed a setup similar to Haveno, I estimate that losses could have exceeded USD 2.5 million making recovery efforts challenging.

OpenMonero remains one of the most secure platforms out there, thanks to its use of non-custodial trade settlements, non-custodial funding, and relatively quick trade finalization (on hour).

You can read more about the hack here: http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/59e5b924658bac9124d0

Quote from: NotATether on June 08, 2025, 11:46:08 AM

It turns out that your trading platform is still vulnerable if you're able to extract all funds from it including from counterparties.

Since offers on openmonero.com don’t require any pre-funding, the potential damage remains quite limited (similar to a single McDonald's salary).

You may find this surprising, but just two days after the hack, I successfully open sourced the first decentralized peer-to-peer platform fully operational on NOSTR. This new repository represents the pioneering P2P Monero exchange featuring a decentralized reputation system and a federated order book. It incorporates all the functionalities typically found on openmonero.com, excluding self-destructing messages. Importantly, anyone can run their own instance, as the backend code is entirely open-source. The implementation is straightforward to audit, lightweight (only 4,500 lines of code) and genuinely decentralized, leveraging an open protocol like NOSTR that requires no additional software.

Frontend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex
Backend: http://rf5cqoxqlitdx4umuce5dgihjzabql4hs3zjkvs3em7xzjfa5yyhkeqd.onion/om/openmonero-dex-api

The primary objective is not to achieve absolute prevention of hacks, since no system can be 100% secure, but to minimize potential damage from the outset, similar to the principles of Qubes OS. This incident demonstrates that openmonero.com remains one of the most secure platforms available, capable of handling significant volume while maintaining minimal funds at risk, thus limiting potential losses in the event of a breach.

To date, approximately USD 20,000 worth of user funds have been stolen, along with USD 3,000 in arbiter funds, despite a monthly trading volume approaching half a million dollars. Had I employed a setup similar to Haveno, I estimate that losses could have exceeded USD 2.5 million making recovery efforts challenging.