An empirical study that was sorely needed
For years, the case for P2P DEXs built on Monero, Bitcoin and Tor rested on the marketing copy of their official websites. Haveno bills itself as a non-custodial peer-to-peer exchange platform, Bisq as the original iteration of the same concept, BasicSwap and UnstoppableSwap as even more minimalist tools. All four claim a combination of decentralization and privacy, yet neither of these two promises had been tested with academic rigor.
The paper "Monero's Decentralized P2P Exchanges: Functionality, Adoption, and Privacy Risks", authored by Yannik Kopyciok and Stefan Schmid (TU Berlin) with Friedhelm Victor (TRM Labs), published on arXiv on May 9, 2025 under identifier 2505.02392v2, fills this gap. The authors conducted six months of passive observation of each of the four platforms, supplemented by static analysis of source code and active testing of trade protocols. The verdict is politely nuanced. It does not invalidate usage, but it tears apart two of the most prominent claims.
First reveal: on-chain patterns are detectable
On Haveno, the trade protocol leaves, according to the authors, "detectable on-chain patterns" that allow an outside observer to correlate a Monero transaction with its Bitcoin equivalent. The signature consists of a specific combination of timing, multisig transaction structure, and relative amounts. Once this fingerprint is spotted on one chain, it becomes possible to match the other side of the exchange with non-negligible probability.
The detail matters for two reasons. First, it contradicts the standard argument that using Monero is sufficient to completely dissociate a trade from its Bitcoin counterparty. Second, it means that chain analysis tools are evolving toward detecting this type of pattern. TRM Labs, employer of the co-author, did not comment on integrating this signal into its products, but the mere co-signature of the paper is a statement.
Second reveal: arbitrators see everything
Haveno and Bisq's arbitration system relies on third-party nodes tasked with settling disputes between traders. When a dispute is opened, the arbitrator gains access to the complete details of the trade, including exact Bitcoin amounts and transaction references. On Bisq, this mechanism relies on a limited number of historical mediators. On Haveno, the architecture relies on arbitrators designated by each mainnet operator.
A verbatim quote from the paper, worth reading slowly: "Haveno and Bisq rely on centralized components such as seed and arbitrator nodes, which introduce resilience and regulatory concerns." In plain terms, the user who opens a trade de facto delegates total visibility over their transaction to the arbitrator, and the arbitrator is not technically required to destroy that data after resolution.
Third reveal: centralized seed nodes
Seed nodes handle peer discovery and initial coordination. Across the four platforms studied, their number is small and their operators are identifiable. An adversarial state that seized control of these nodes, or secured their operators' cooperation, would gain a passive observation point over the platform's entire traffic. Not its content, which remains encrypted, but its metadata: who connects, from where, with what frequency.
This point has been raised sporadically by the Bisq community since 2020. The paper formalizes and measures it. On Haveno, dependence on seed nodes is even more pronounced, as the platform lacks Bisq's operational maturity.
What the paper does not say
None of these vulnerabilities implies that trades are currently compromised. No documented case of effective deanonymization is cited. The authors are careful on this point, emphasizing that their analysis identifies structural risks, not active exploits. They further note that these platforms remain "alternatives to increasingly regulated centralized exchanges," and that they present "varying degrees of decentralization and privacy."
BasicSwap and COMIT, which adopt a different architecture (direct atomic swaps between wallets, without third-party arbitration), escape some of these criticisms but suffer from other limitations: lower liquidity, rougher user experience, thinner community support.
Verdict for the end user
Our directory keeps Haveno and Bisq among the listed services, but their privacy score must reflect the above. For a user whose threat model is limited to centralized exchanges and generic algorithmic monitoring, both platforms remain reasonable to use. For a user whose threat model includes an adversarial state with access to advanced chain analysis, usage must be combined with other precautions: systematic use of Tor, short sessions, non-correlatable amounts, and ideally, traversal across multiple successive platforms.
BasicSwap and UnstoppableSwap would deserve a higher privacy score if liquidity followed. To date, it does not. The paper concludes with a call for a third generation of atomic swap protocols that would combine the absence of a centralized arbitrator and a usable user experience. We will be watching.