OrangeFren.com - instant, KYC-free, exchange comparison

[examplens]

OK, now I noticed this "partially" (39%) protected. Also, next to the FF name, there is a guarantee worth $23k.
What does both 39% mean?
No matter what the amount is, you will ultimately only get a refund of 39%, even if the full amount in case is significantly less than this $23k guaranteed?

[OrangeFren]

OK, now I noticed this "partially" (39%) protected. Also, next to the FF name, there is a guarantee worth $23k.
What does both 39% mean?
No matter what the amount is, you will ultimately only get a refund of 39%, even if the full amount in case is significantly less than this $23k guaranteed?

No, that's simply because I did some random huge value for the search and $23k was only 39% of it


RetoSwap warning

Almost 7000 XMR ($2.7M) is now believed to have been stolen from RetoSwap users in a recent exploit.

An attacker was both a counterparty and the mediator in large RetoSwap trades. This allowed him to steal $2.7 million by controlling 2 of the 3 keys.

In response trading was halted on this "decentralised" platform.


Following our reporting of the RetoSwap exploit OrangeFren.com has been targeted by DDoS attacks. We have now recovered and are available again.

[dkbit98]

RetoSwap warning

Almost 7000 XMR ($2.7M) is now believed to have been stolen from RetoSwap users in a recent exploit.

An attacker was both a counterparty and the mediator in large RetoSwap trades. This allowed him to steal $2.7 million by controlling 2 of the 3 keys.

In response trading was halted on this "decentralised" platform.

RetoSwap is Bisq fork right?
I think Bisq exchange was also exploited recently, but amount was much smaller, and I don't know if this cases are connected.
When RetoSwap first started I remember hearing people criticizing their security models with keys.

[OrangeFren]

RetoSwap is Bisq fork right?
I think Bisq exchange was also exploited recently, but amount was much smaller, and I don't know if this cases are connected.
When RetoSwap first started I remember hearing people criticizing their security models with keys.

Yep...

Services that halted swaps in the past:
❌ Bisq
❌ THORChain
❌ RetoSwap
❌ Wagyu
❌ and yes the swappers we list on OrangeFren.com

Services that CANNOT halt swaps:
✅ BasicSwap
✅ eigenwallet
✅ RoboSats


MoneroKon ticket giveaway

🎁GIVEAWAY! 🎊

As the organiser of this year's MoneroKon we're giving away 1⃣ ticket for the conference.

You can participate on Twitter: https://x.com/OrangeFren/status/2057800865587626253

[dkbit98]

Services that CANNOT halt swaps:
✅ BasicSwap
✅ eigenwallet
✅ RoboSats

Eigen wallet is really cool, but I hope they could soon add monero-bitcoin exchange in both directions.
I tried BasicSwap several times, but I doubt there is enough real liquidity there.
And last time I checked Robosats only works with lightning network, and I don't use that.

[OrangeFren]

Eigen wallet is really cool, but I hope they could soon add monero-bitcoin exchange in both directions.
I tried BasicSwap several times, but I doubt there is enough real liquidity there.
And last time I checked Robosats only works with lightning network, and I don't use that.

Potential vulnerability found in eigenwallet. Users urged to not use the software

This less than a week after an exploit in RetoSwap and days after one in OpenMonero

[dkbit98]

Potential vulnerability found in eigenwallet. Users urged to not use the software

This less than a week after an exploit in RetoSwap and days after one in OpenMonero

Oh sh.t  
I've come to conclusion that anything that was posted online can be exploited or hacked, sooner or later.
Something is fishy here and I don't think this is just a coincidence, maybe ''someone'' is using AI tools to find bugs in all these software.

[examplens]

Potential vulnerability found in eigenwallet. Users urged to not use the software

This less than a week after an exploit in RetoSwap and days after one in OpenMonero

Oh sh.t  
I've come to conclusion that anything that was posted online can be exploited or hacked, sooner or later.
Something is fishy here and I don't think this is just a coincidence, maybe ''someone'' is using AI tools to find bugs in all these software.

Even if the software is primarily made with AI tools, the existence of bugs is more than expected. 

[Bitcoin_Arena]

Oh sh.t  
I've come to conclusion that anything that was posted online can be exploited or hacked, sooner or later.
Something is fishy here and I don't think this is just a coincidence, maybe ''someone'' is using AI tools to find bugs in all these software.

There was actually talk regarding the use of AI tools to find vulnerabilities in software and exploit them. Apparently, the AI tools are getting so good, and some attacks that would take humans a lot of time to understand and exploit are just child's play with the use of AI.

I think software services might want to use the same AI tools to patch up any potential vulnerabilities before the attackers figure them out. That goes without saying, that there is always a bug waiting to be discovered or exploited in every system

[NotATether]

There was actually talk regarding the use of AI tools to find vulnerabilities in software and exploit them. Apparently, the AI tools are getting so good, and some attacks that would take humans a lot of time to understand and exploit are just child's play with the use of AI.

I think software services might want to use the same AI tools to patch up any potential vulnerabilities before the attackers figure them out. That goes without saying, that there is always a bug waiting to be discovered or exploited in every system

I don't really care.

If people can use AI to exploit vulnerabilities then we can use AI to patch them.

First, the obvious one - stop using Nodejs.

Then other obtuse and subtle vulnerabilities can be dealt with as noticed.

I have access to GPT-5.5 Cyber - I made a threat model with it for one of my projects and it's basically patching stuff by itself.

So if you ask me, I believe the zero-day market prices are definitely going to collapse, not because it won't be possible to exploit stuff anymore, but because the exploits will all be low-quality.