We have seen VPS operators steal funds and it's very easy for them especially when you start analyzing further security implications on a VPS like being unable to encrypt the entire instance yourself because they spin up an instance themselves "for you".
Honestly, better to get hacked now and fix things than risk getting hacked later without even knowing. I take responsibility for the old setup. I was hosting everything on one server. But that's changed, the frontend now runs on its own server, and the backend is on a different one, with a different hosting provider. That way, if something happens again, it minimizes the damage.
We were down for almost 2 weeks due to an issue with the hosting providers dashboard (alexhost). All my top vendors got refunded yesterday, and the rest should be done in 2 - 4 months. OM is here to stay for at least 15 years. I think it takes around 2 years to really build solid security for a darkFI project like this.
They tried using shortcut from the word go. In the now deleted thread, the red flags were there right from the word go -
OpenMonero is the REAL domain for a new LocalMonero groupBasically trying to ride on the previous success of localmonero/Agoradesk who had honorably bowed out of business. A contact with the localmonero representative revealed that they didn't approve of such behaviors and warned people about using openmonero.
I have told you many times before, Openmonero is a distinct project and I don't need approval to use their open source code. Why else would you make a code open source. Its because you want to share the code, design, style, etc. Why the fuck do I need approval. Sorry, but you are a pretty ignorant person and a spammer as well. You post the same nonsense again and again. I have left a negative trust entry in your profile.
Moreover, localmonero nulled the all the text from localbitcoins.com and not giving any credits at all but you don't care for some reason. I mean how can u rip something if its already ripped? At least, I am honoring the LM project event though they deserve shit.
Go to openmonero.com, scroll down (to footer) and read the following credits:
This project was inspired by Agoradesk.com (agoradesk-app-foss).
While the codebase has been entirely rewritten, certain text elements and CSS styles were adapted from the original work. We appreciate the contributions of the original authors and the open-source community that made this project possible.
Isn't this like the second or third time they have been hacked?
Seriously? I have not heard of any hack about Openmonero before, only what I know about the platform is that it is decentralized. Maybe the hacks were of little amount of money like this one because if 200 monero was stolen, that is still less than $70000. This has been the lowest that I have read about before.
The operator confirmed that all funds have been lost. Does this mean that 200 monero represents the full amount of liquidity on the platform? Considering that Monero maintains a robust global liquidity of about $150 to $300 million in daily volume accross exchangers.
Note that the Ethereum DeFi protocol Ambient Finance, formerly known as CrocSwap, suffered an 84 ETH (more than $110K) drain due to a smart-contract vulnerability [1] on the same date, June 8th.
[1]
https://www.cryptotimes.io/2026/06/08/ethereum-defi-protocol-ambient-finance-suffers-110k-drain/I have built openmonero.com in such a way to be against exit scams, but it can only work with low liquidity but big volume. Self-custodial trade funding esures that there is never a big amount of honey in the pot. It really is about timing and making sure that your funds are only at risk for a very short period of time. I knew OM would be hacked sooner or later and I wanted to be able to refund all my users, which is exactly what I did.
See self-custodial trade funding in my FAQ:
http://cegtyerm55uadttx5ayaptwgk4anwlqilx56fvn4iyxjghdewhzc6qqd.onion/faq#self-custodial-trading-funding
This part is interesting. I wonder if it was some zero-day, or if he simply did not update the server regularly for security patches.
It was a vulnerability in the dashboard of the hosting provider (alexhost.com). See screenshot from support ticket:
https://t.me/p2p_monero_talk/7285You can even read on trustpilot.com that all alexhost servers were down on the exact day when OM wallet got drained. Someone had direct root access via VNC. The rest is history.
Well, well... Why am I not surprised
After the past sagas and hack stories. I don't think anyone serious would believe anything they say or even use the platform. Personally I am never going to use it.
You don't seem to understand that openmonero.com is the biggest p2p platform with monero as the base currency. Ppl need to understand that. Its because of the user experience, the support and the refund program. You can hack it 10 times, it will always come back, but stronger than before.
The project is fully back up and running now. I ve switched the servers around, reset the onion address, environment variables, and backup codes to make everything more secure. We ve also done a pretty big redesign, adding full wallet isolation from the frontend, and the backend IP is now hidden too. 90 XMR were refunded just yesterday.
