Recent research conducted by the Weizenbaum Institute, TRM Labs (San Francisco) and TU Berlin indicates that Retoswap, formerly known as Haveno-Reto, does not provide the privacy protections it advertises. Despite its marketing claims, this platform functions as a sophisticated decoy. The narrative of being non-custodial and decentralized is a carefully crafted illusion designed to attract unsuspecting users and foster a false sense of security.
https://xcancel.com/noosphere888x2/status/1922044150716715102#m
Darknet operators who assume Retoswap is suitable for laundering should reconsider. Their activities are under constant surveillance. The supposed privacy offered by Retoswap is an illusion.
Retoswap Trades Are Fully Traceable
To test our findings, we logged Haveno trades for two weeks and executed five test trades within the observation period. For all five transactions, we successfully identified all XMR transactions.
Additionally, we demonstrate that Haveno trades leave detectable on-chain footprints, allowing cross-chain transaction linking.
Source:
https://arxiv.org/pdf/2505.02392
Haveno has been discussed in greater detail as it evolved to one of the most prominent exchanges in the context of Monero. While strong promises claim privacy with every transaction and independence from any central authority, the current implementation raises uncertainty. Our analysis showed detectable on-chain patterns and weaknesses in the platform that can be exploited to match transactions across chains.
It is noteworthy that some of the most active dark web exchanges, administrators, vendors, and key figures may have already utilized Retoswap to launder illicit gains or transfer substantial amounts of BTC and XMR. These individuals often believe their anonymity is safeguarded due to the platform’s purported decentralization. However, all Retoswap crypto-to-crypto transactions are inherently traceable.
Retoswap has apparently handled over 50 million dollars in transactions, which is pretty impressive considering it’s been around for less than a year. It looks like big players like hackers, darknet admins, and other underground groups are already using it to move big amounts of money.
Source:
https://xcancel.com/RetoSwap/status/1930953817228481022#m
While speculative, there are reasons to suspect that recent LE actions may not be coincidental. Authorities have tracked down major operators, likely due to the on-chain trail left by Retoswap activities. According to haveno.markets, approximately 90% of liquidity involves BTC-XMR swaps, transactions that are fully traceable. Every transaction is publicly recorded on-chain with exact timestamps, amounts, and payment methods, leaving a permanent digital footprint.
While trade statistics provide valuable metrics for users, their network propagation should be obfuscated to preserve trade privacy.
Source:
https://arxiv.org/pdf/2505.02392
In summary, admins of coin-swap services can easily monitor BTC to XMR trades. Usually that is not a big deal, because users trust these providers not to share details like timestamps, amounts, or other info. On the flip side, with platforms like Retoswap, anyone can potentially track transactions, not just the admins. That's because haveno.markets openly shares trade stats, making it easier for third parties to analyze and follow the transactions.
May freeze or seize funds
Retoswap runs on Haveno, which is a decentralized, non-custodial multi-sig exchange. That’s true because your private key is generated locally, so only you have access to your funds in the Haveno wallet.
However, to publish a sell offer, a vendor must lock up coins (15% security deposit and the trade amount). These funds can potentially be frozen or seized because the admin can easily hold the two keys required to sign a transaction. The Haveno FAQ suggests that the admin/arbiter only has one key, but in practice anyone can become a taker, so there is practically nothing preventing the admin from possessing two keys.
Some users have spoken out about this openly on platforms like Nostr, Reddit, and others, raising concerns about potential exit scams in how the system is set up. So, it’s worth being aware of these issues before jumping in.
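The two-key concern above can be checked as a small threat-model exercise. The following is an added example, not code from Haveno, Retoswap or the cited posts: it models a 2-of-3 escrow and lists which principals can spend without the depositor's key. The role-to-principal mappings and the names `alice`, `bob` and `operator` are constructed assumptions.

```python
from itertools import combinations

def spending_coalitions(threshold, key_controller):
    """Return the minimal sets of principals whose combined keys reach the threshold.

    key_controller maps each key slot (trade role) to the principal holding that key.
    """
    principals = sorted(set(key_controller.values()))
    minimal = []
    for size in range(1, len(principals) + 1):
        for group in combinations(principals, size):
            keys = sum(1 for holder in key_controller.values() if holder in group)
            # Skip supersets of a coalition that already suffices.
            if keys >= threshold and not any(set(m) <= set(group) for m in minimal):
                minimal.append(group)
    return minimal

def unilateral_risk(threshold, key_controller, depositor_role="maker"):
    """Coalitions that can spend the escrow without the depositor's key."""
    depositor = key_controller[depositor_role]
    return [c for c in spending_coalitions(threshold, key_controller)
            if depositor not in c]

# Constructed scenarios; principal names are hypothetical.
# Advertised model: three independent parties each hold one key.
INDEPENDENT = {"maker": "alice", "taker": "bob", "arbitrator": "operator"}
# Scenario raised in the text: the arbitrator's operator also takes the offer.
SAME_OPERATOR = {"maker": "alice", "taker": "operator", "arbitrator": "operator"}

def report():
    return {
        "independent": unilateral_risk(2, INDEPENDENT),
        "same_operator": unilateral_risk(2, SAME_OPERATOR),
    }

if __name__ == "__main__":
    for name, coalitions in report().items():
        print(name, coalitions)
```

With independent parties, spending without the maker needs two distinct principals to collude; when one principal fills both the taker and arbitrator roles, that single principal meets the threshold alone.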
Quote /u/jossfun:
Haveno relies upon arbitration by the network you’re operating on. In a case where the arbitrators act maliciously they can create trades where they control 2/3 keys to seize funds.
Source:
https://rl.bloat.cat/r/Monero/comments/1h4icot/is_haveno_anymore_secure_than_trading_with_a/
Cached:
https://archive.ph/bB1VN
Quote shortwavesurfer2009:
The way it would work would be that an arbitrator would create a bot to take the offers and then use the key from the taker bot and their arbitrator key to steal the escrow which contains the seller's Monero plus their security deposit.
Source:
https://primal.net/e/nevent1qqs0h2fvwvcsg58l6xw9hwpav4kk3vry933rrm6pparrf0s7p9rel6gpz4mhxue69uhkg6t5w3hjuur4vghhyetvv9uszyrhwden5te0v5hxummn9ekx7mp0qythwumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0mvpr6f
Cached:
https://archive.ph/gSRVs#25%
Quote /u/WoodenInformation730:
To post an offer, you have to deposit the amount + security deposit. If an arbitrator acts maliciously, they could take an offer and essentially steal the funds by signing the 2/3 multisig transaction, since they'd have two keys.
Source:
https://rl.bloat.cat/r/Monero/comments/1l5jkp2/openmonerocom_got_hacked_as_reported_in_their/mwj10k3/?context=3#mwj10k3
Cached:
https://archive.ph/icuxp#45%
Exit Scam Scenario
Quote SaberhagenTheNameless:
...afaict Haveno/Retoswap, in its current state, has more at risk from rugpulls than necessary - currently over a million USD at stake.
Sell offers are sitting there waiting to be automatically locked into a 2/3 multisig once taken (from potentially malicious admins controlling arbitrator/taker bots meaning they would have enough keys to steal)
Right now nothing is really preventing admins from sweeping the entire orderbook on the sell side.
Source:
https://primal.net/e/nevent1qqsy7hmx9n2ws94x92ftvc44ylkejyg8ygw9z9pt4eswj44yqewp3jcpzamhxue69uhkvet9v3ejumn0wd68ytnzv9hxgtcppemhxue69uhkummn9ekx7mp0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshs0gztdf
Cached:
https://archive.ph/JOqDC#25%
Source:
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/c2435fb29e7b9d8ab8b8
Quote: /u/monero_desk_support:
After some thoughts, I think you are right and that the arbitration system in Haveno doesn't prevent arbitrators from pulling the funds. They would need to create a bot that takes all the offers and automatically unlock the funds with the key of the taker and arbitrator
Source:
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/4e7e530582ff902b6903/#c-cac5570453f7fa9f42
Single Point of Failure
The Haveno software is not inherently secure due to its design, which allows multiple arbitrators under the control of a single administrator. This reliance on a central authority creates a vulnerability, as the administrator serves as a potential single point of failure. Consequently, it remains unclear why some perceive Haveno as a decentralized exchange, despite these concerns.
Also it wants you to pre-fund your offers, even though that's a security issue and not really necessary. Plus, it looks like one person, the network operator, has all the power over the liquidity, which kinda goes against the whole decentralized thing they claim.
References:
https://primal.net/e/nevent1qvzqqqqqqyqzqpg8r34v5d5z4ecxmc0c749cwjalaw4xu2ttpnh8zms0lhfepg450s7qlk
https://primal.net/e/nevent1qqsx8cs8tlq2xg25535uaxvhth49cmnflf5z0wdvu9ex7wa38w5y5xscrjjzp
https://archive.ph/GsDsn
https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html
Centralization of XMR market and tracking every transaction
Retoswap's objective appears to be the centralization of XMR liquidity through their unique setup with pre-funded offers. Furthermore, Woodser (developer associated with Haveno) has not addressed the rugpuller bot issue that I initially identified six months ago. This is not due to incompetence but rather suggests a lack of independence, as the Reto guy has accepted donations from questionable sources. Such actions raise concerns about the integrity of the Haveno development process.
Source: link to shortwavesurfer about donations
Quote /u/mister_monster:
So, Reto has basically no fees right now. They don’t really benefit financially from being the only haveno network with liquidity. Yet, it does seem that they do want to have a monopoly position within our community.
Source:
https://monero.town/post/5172146
Amazon used the same tactic to take over the market, operating at a loss and funded by questionable sources until competitors were pushed out. Now, this new platform is promising decentralization, non-custodial transactions, and privacy. But the reality is, none of that seems to hold up. It's all about crushing the competition and cornering the XMR market, and tracking every transaction? That's not exactly a recipe for trust. It might not be a honeypot, but it sure smells a lot like one. Proceed with extreme caution.