Case file · Exchange
Haveno (RetoSwap network)
Monero-native, non-custodial P2P over Tor, with no ID ever. But "Haveno" is a framework: you actually trade on an independent network (mainly RetoSwap) - and that network was exploited twice in 2026.
The systematized overview
The bureau vs the internet.
3.0/10 · Guaranteed no-KYC
On privacy it is close to ideal: Monero-native, Tor-only, no account, no ID, and the software cannot even take custody of your funds. But this is where reliability and trust collapse - "Haveno" runs no exchange itself; the live network (RetoSwap) is run pseudonymously and was exploited twice in 2026 for about $2.7M with no confirmed reimbursement, and trading was suspended pending a patch. Under our rule that an unreimbursed loss of user funds caps the score like a fund-freeze, the overall is held to 3/10 - treat this as a live, provisional verdict and a high consumer-protection risk.
3 recurring praises · 3 recurring gripes
Most praised: genuinely no-kyc, monero-native and non-custodial. Most cited downside: two 2026 exploits badly shook confidence.
We track our editorial score and community sentiment separately — neither moves the other. Read together, they're the systematized overview.
The facts
Custody & jurisdiction.
- Jurisdiction
- No legal entity; framework by pseudonymous "woodser", network by RetoSwap
- Custody
- Non-custodial - 2-of-3 Monero multisig (buyer, seller, arbitrator)
- Escrow
- 2-of-3 Monero multisig + refundable XMR security deposit
- Traded
- Monero (XMR) native, vs fiat and BTC/ETH/BCH
- Fiat rails
- No - fiat settled directly between the two traders
- Payment methods
- Per network; bank transfer, cash and others agreed peer-to-peer
- Payment privacy
- Monero-native, Tor by default, local data storage
- Disputes
- In-app chat, then arbitrator (holds 1 of 3 keys) - the 2026 attack surface
- KYC trigger
- None - no account, no ID; peer-run software
- Open source
- Yes - AGPL-3.0, github.com/haveno-dex/haveno
- Audited
- No published independent security audit found
- Operating since
- RetoSwap mainnet since May 2024 (young); core has no mainnet
The full read
Our analysis, in plain words.
Haveno is the Monero community’s answer to no-KYC trading, and on privacy it is about as strong as this category gets: Monero-native, routed entirely over Tor, with no account, no email and no ID, and a design where the software never takes custody of your coins. The official FAQ puts it bluntly - "Haveno is and will always be non-KYC" - and an independent directory scores its privacy 95/100. If identity protection were the only axis, Haveno would sit near the top.
The complication starts with what "Haveno" even is. It is a framework, not an exchange - the core project deliberately runs no live network. Actual trading happens on independent deployments run by separate, pseudonymous operators, and in 2026 that means mostly RetoSwap. So a user is not trusting an accountable company or even a transparent DAO; they are trusting one pseudonymous operator and its arbitrators, with no legal entity anywhere and no independent security audit we could find.
That fragility turned concrete in 2026. RetoSwap was exploited twice - in May an attacker impersonated the arbitrator and drained about $2.7M in Monero, and in June a second, different bug let an attacker release XMR without paying the BTC leg. Trading was suspended pending a full patch, and no reimbursement was confirmed for the May losses. The 2-of-3 multisig means the operator cannot simply steal your funds, but it does not stop a protocol bug, and the arbitrator’s third key was the very surface that was abused. Our verdict reflects that split honestly: privacy near the top, reliability and trust near the bottom because the network recently lost user funds and was not operating normally. Anyone considering it should verify the current status first and treat this score as provisional.
The score, broken down
How the 3.0 is built.
Privacy
weight 50%What identity, data and metadata the service can demand or collect.
92 × 50% = 4.6 of 10
Trust
weight 30%Whether it can technically deliver what it claims — code, audits, age.
42 × 30% = 1.3 of 10
Reliability
weight 20%Whether the no-KYC claim holds under real-world pressure.
15 × 20% = 0.3 of 10
Weighted score was 6.2 — a reliability rule capped it to 3.0. See the rubric →
Every point, sourced
What earned the score.
Privacy
The fine print, read for you
The clause they bury.
“Haveno is and will always be non-KYC. All connections between Haveno peers run through the Tor network. There is no central authority. All trades are P2P between users.”
What it meansThe no-KYC and privacy posture is structural and genuine - Monero-native, Tor-only, no account, non-custodial. On identity protection there is essentially nothing to fault. The problems are entirely on the reliability and trust side.
Read the source →“When the attacker took a trade, they sent a fake, out-of-order ACK message impersonating the arbitrator, causing the software to update the arbitrator’s node address to their own.”
What it meansThis is the May 2026 RetoSwap exploit in reporters’ words: a flaw in the Haveno trade protocol let an attacker impersonate the arbitrator and drain roughly 7,000 XMR (~$2.7M) from live trades. A second, different exploit followed in June 2026. Non-custodial protects you from the operator stealing funds - it does not protect you from a protocol bug, and here there was no confirmed reimbursement.
Read the source →None - no account, no ID, peer-run software over Tor. Trades are secured by 2-of-3 Monero multisig where each party (buyer, seller, arbitrator) holds one key. The real risk is not identity but the protocol: the arbitrator’s third key was the surface abused in the 2026 exploits.
Policy review — point by point
-
Structurally no-KYC and non-custodial
No account or ID, Tor-only, and 2-of-3 multisig where the software never holds funds; the FAQ commits to being non-KYC permanently. ↗
-
Framework, not an exchange
Core Haveno runs no mainnet; you trade on an independent network (RetoSwap) run by a pseudonymous operator, which is who you are actually trusting. ↗
-
Two 2026 protocol exploits, unreimbursed
RetoSwap was drained twice in 2026 (~$2.7M total) via arbitrator-impersonation and dispute-flow bugs; no reimbursement was confirmed and trading was suspended. ↗
-
No independent audit
No formal third-party security audit of the protocol could be found, which is notable given the exploits. ↗
There is no jurisdiction and no entity to point at: the framework is a donation-funded open-source project led by a pseudonymous developer, and the live network is run by a separate pseudonymous operator. This maximizes censorship-resistance and privacy but minimizes recourse - after the 2026 exploits there was no company to pursue, no DAO treasury reimbursement of the kind Bisq used, and no legal claim available.
We keep watching
Incident & policy timeline.
- 2023-2024
Successor to LocalMonero; RetoSwap network goes live
After LocalMonero shut down in Nov 2023, Haveno became the Monero community’s flagship no-KYC DEX. Core Haveno runs no mainnet; the main live network, RetoSwap (formerly Haveno-Reto), launched May 2024 under a pseudonymous operator.
source ↗ - May 2026
RetoSwap exploited for ~$2.7M (arbitrator impersonation)
An attacker impersonated the arbitrator via a fake ACK message and drained about 7,000 XMR (~$2.7M), mostly from large crypto trades. RetoSwap halted trading within minutes and banned the attacker. kycnot.me reports no reimbursement was confirmed.
source ↗ - Jun 2026
Second exploit; trading suspended pending a full patch
A different vector abused the dispute/forced-arbitration flow to release XMR without sending the corresponding BTC - the same arbitrator/multisig subsystem as May. RetoSwap again suspended trading, saying it would stay paused until a full security patch was developed, tested and released. Resumption was unconfirmed as of our review (2026-07-15).
source ↗
The verdict
Where it stands.
Strengths
- Monero-native and Tor-only - the strongest privacy stack in the category
- No account, no email, no ID; the software cannot take custody of funds
- Fully open source (AGPL-3.0), donation-funded, no token
- Fills a real need as the Monero community’s no-KYC DEX after LocalMonero
Trade-offs
- The live protocol was exploited twice in 2026 (~$2.7M) with no confirmed reimbursement
- Both 2026 exploits hit the same arbitrator/multisig subsystem - a design regression, not bad luck
- Trading was suspended pending a full security patch; resumption unconfirmed as of our review
- You trust a pseudonymous network operator (RetoSwap), not an accountable entity
- No independent security audit exists despite the 2026 exploits
- Low liquidity, young network, and a complex install
Across the internet
What reviewers report.
Consistently praised
- Genuinely no-KYC, Monero-native and non-custodial
- Fills the gap left by LocalMonero for private XMR trading
- Successful, private trades reported by users when the network is up
Recurring complaints
- Two 2026 exploits badly shook confidence
- Low liquidity and a complex installation
- Lingering apprehension about network/operator trust
An independent directory rates it highly for privacy (9/10 overall) but its trust score fell to 73/100 with an explicit -19 impact attributed to the two 2026 exploits. Direct Reddit/X threads could not be captured; this synthesis leans on kycnot.me and an arXiv study of Haveno, and should be refreshed with a manual community pass.
Ask the bureau
Haveno (RetoSwap network), common questions.
Is Haveno no-KYC?
Yes, unambiguously - the official FAQ says "Haveno is and will always be non-KYC." There is no account, no email and no ID; it is Monero-native and Tor-only, and the software never takes custody of your funds. On privacy it is one of the strongest options anywhere.
Can I actually trade on "Haveno"?
Not directly. Haveno is a framework, and the core project runs no live network. Real trading happens on independent networks run by separate operators - mainly RetoSwap. You are trusting that specific pseudonymous operator and its arbitrators, not "Haveno" as a single accountable entity.
Is my money safe on Haveno / RetoSwap?
Custodially it is non-custodial - funds sit in 2-of-3 Monero multisig. But the protocol was exploited twice in 2026 for around $2.7M, with no confirmed reimbursement, and trading was suspended pending a patch during our review. This is a high consumer-protection risk right now; check current status and treat our score as provisional.
Why is the score so much lower than its privacy?
Because we weight Reliability and Trust, and both are badly hit: two unreimbursed protocol exploits, a suspended network, a pseudonymous operator and no independent audit. Excellent privacy cannot offset a service that recently lost user funds and is not currently operating normally.
Your exact case not covered? The live Ask the bureau answers it and turns it into a public FAQ.