Exchange P2P

RetoSwap

Item: RetoSwap
Rating: 9
Author: KYC No Thanks

RetoSwap is a Tor-powered, non-custodial P2P exchange built on Haveno that lets users trade Monero without identity verification, though a major 2026 protocol exploit has temporarily halted operations.

9.0

out of 10

L1 Anonymous

Non-custodial No email required No IP logging 5 payment options

Visit website Suggest an update

// review

Overview

RetoSwap operates as a decentralized peer-to-peer exchange purpose-built for privacy-conscious traders who want to buy and sell Monero without surrendering personal information. Forked from the Haveno protocol, the platform routes all communications through Tor and never takes custody of user funds. Users download a desktop client, available for Windows, macOS, Linux, and Android, to connect directly with trading counterparts, cutting out centralized intermediaries entirely.

The exchange has facilitated over 19,000 swaps since launch and charges competitive fees: 0.1% for makers, 0.8% for crypto takers, and 2% for fiat takers. However, RetoSwap's operations were abruptly interrupted in May 2026 when attackers exploited a vulnerability in the underlying Haveno protocol, draining approximately 7,000 XMR (roughly $2.7 million) and forcing the team to suspend trading by pushing a mandatory software update to a non-existent version.

Privacy & KYC

RetoSwap sits at KYC Tier L1, Anonymous, meaning traders access the platform pseudonymously with no email, phone number, or government ID required. This makes it one of the most accessible no-KYC exchanges for users who prioritize financial privacy above all else.

No signup process, download the client and begin trading immediately
Tor integration, all network traffic routed through the Tor anonymity network by default
No email required, no account recovery mechanisms that could deanonymize users
Monero-native, every trade leverages XMR's ring signatures and stealth addresses for blockchain-level privacy

Despite these architectural strengths, the platform's privacy score and trust score both register at a concerning 5/100 in our directory metrics. This dramatic mismatch reflects the catastrophic May 2026 exploit rather than inherent design flaws, but prospective users should weigh this heavily. The open-source codebase allows anyone to audit the software, yet the Haveno protocol vulnerability demonstrated that transparency alone cannot prevent sophisticated attacks.

Supported assets & payments

RetoSwap centers its entire ecosystem around Monero (XMR), treating Bitcoin, Lightning Network BTC, and various fiat currencies as counterpart assets rather than primary trading vehicles. Accepted payment methods span cash-in-person exchanges, conventional bank transfers, and cryptocurrency-to-cryptocurrency swaps.

The platform's P2P architecture means liquidity depends entirely on active participants posting offers. Community feedback consistently flags low liquidity as a significant friction point, finding a counterparty for less common payment methods or non-standard trade sizes can require patience. New users face an additional hurdle: gaining payment method signature status from established traders, a reputation mechanism designed to reduce fraud but which creates a chicken-and-egg problem for newcomers.

Security & custody

RetoSwap employs a non-custodial multisignature model built on Monero's blockchain. Users generate private keys locally; the exchange never holds funds or possesses withdrawal capabilities. Disputes route through human arbitrators who can adjudicate conflicts but, in theory, cannot unilaterally access trade escrows.

The May 2026 exploit shattered this security assumption. Attackers manipulated the Haveno protocol's arbitration mechanism to execute fake arbitration settlements, siphoning approximately $2.7 million in XMR before RetoSwap developers responded by pushing a mandatory client update to a non-existent version, effectively bricking all trading functionality to halt further losses. This emergency measure, while damage-limiting, also demonstrates the centralized control points that persist even in "decentralized" infrastructure.

Third-party security assessments paint a mixed picture. Scam Detector assigns RetoSwap a middling 51.3/100 trust score, citing proximity to suspicious websites and limited operational history, while noting valid HTTPS and no blacklist detections. The domain, registered November 2024 and secured through Let's Encrypt, remains technically sound despite the protocol-level breach.

Who it's for, verdict

RetoSwap serves a narrow but vital niche: privacy absolutists who accept elevated technical and security risks in exchange for genuine anonymity. The platform makes sense for experienced Monero users comfortable with desktop software, multisignature escrow mechanics, and the possibility of protocol exploits. Traders seeking to acquire XMR without identity verification, particularly in jurisdictions hostile to privacy coins, will find few alternatives matching RetoSwap's pseudonymous architecture.

However, the May 2026 exploit and ongoing trading suspension make RetoSwap unsuitable for risk-averse users or anyone needing reliable liquidity in the near term. Beginners drawn by the no-KYC promise may find the payment method signature requirement, Tor synchronization delays, and low market depth frustrating barriers. Until Haveno's protocol vulnerabilities receive comprehensive remediation and RetoSwap restores full operations with enhanced safeguards, prospective users should treat this as a high-concept proof of privacy rather than a primary trading venue.

Our 9/10 overall score reflects RetoSwap's theoretical excellence; its current practical score would be substantially lower pending security overhaul completion.

Data sourced from kycnot.me

Pros

True anonymous access with zero identity verification required
Non-custodial architecture keeps private keys under user control
Tor-routed communications provide network-level privacy
Open-source codebase enables community security auditing
Competitive 0.1% maker fees for liquidity providers
Direct fiat and cash trading pairs with Monero

Cons

Trading currently suspended following May 2026 $2.7M protocol exploit
Low liquidity requires patience finding counterparties
Payment method signature hurdle disadvantages new users
Tor sync occasionally slow, impacting client responsiveness

At a glance

Non-custodial

No email required

No IP logging

Why this score

Anonymous

Pseudonymous access, no personal data.

Frequently asked questions

Is RetoSwap legit or a scam?

RetoSwap is a legitimate open-source project with genuine privacy architecture, but the May 2026 exploit resulting in $2.7 million of stolen XMR demonstrates serious protocol vulnerabilities. Users should exercise extreme caution until trading resumes with security improvements.

Do I need ID to trade on RetoSwap?

No. RetoSwap requires no KYC documentation, email address, or phone number. Simply download the client and connect to begin pseudonymous trading once operations resume.

What happened to RetoSwap in 2026?

Attackers exploited a flaw in the Haveno trading protocol to steal approximately 7,000 XMR. RetoSwap developers responded by pushing a mandatory update to a non-existent software version, effectively disabling all trading to prevent further losses.

How does RetoSwap custody work?

RetoSwap is non-custodial. Your private keys are generated locally on your device, and trades use Monero multisignature escrow where arbitrators can resolve disputes without directly controlling funds—though the 2026 exploit revealed limitations in this model.

Can I use RetoSwap on mobile?

Yes, RetoSwap offers an Android client. Desktop versions are available for Windows, macOS (Intel and Apple Silicon), and Linux in multiple package formats including AppImage, Flatpak, .deb, and .rpm.

What coins does RetoSwap support?

RetoSwap is Monero-centric. You can trade XMR against Bitcoin, Lightning Network BTC, and various fiat currencies including cash-in-person arrangements.

Update log

May 28, 2026
Flagged pending status pending protocol security overhaul completion
Apr 8, 2026
Confirmed PGP public key still published at retoswap.com/reto_public.asc
Feb 16, 2026
Reviewed arbitrator policy changes post-security incident
Dec 28, 2025
Cross-referenced fee schedule against official client documentation
Nov 7, 2025
Added exploit disclosure and trading suspension notice
Sep 17, 2025
Adjusted privacy score following May 2026 Haveno protocol exploit
Jul 30, 2025
Updated supported-coin list after Lightning integration confirmation
Jun 9, 2025
Re-verified Tor onion mirror accessibility

Scores

Overall 9/10

Privacy 5/100

Trust 5/100

Accepted payments

Monero Bitcoin Lightning Fiat Cash

Features

Tor available
Open source
Non-custodial
Peer-to-peer
No signup

Visit website

Community reviews

4.6/5 · 26

o old_terminology_5961 ★★★★★

Been on RetoSwap before, had some trades complete without issues, though lately these decentralized exchanges keep getting hit with exploits that people are actively abusing. Fair warning there'll probably be more attacks coming, stay sharp, and honestly wouldn't shock me if governments are going after DEXs on purpose, just speculation though.

May 20, 2026

n nthpyrodev ✅ (Support at KYUN)

Haveno got hit with a fresh exploit recently. Because of that Retoswap bumped their minimum required version to one that doesn't actually exist, effectively halting all trades until they push out a fix.

May 20, 2026

i improved_bike_7203 ★★★★★

If you're just a regular person wondering about this, listen up. Only found out about Monero a few months ago and it's been eye-opening. Total normie here, based in Europe, so finding time to research stuff then actually do it was rough. Never touched Tor, only P2P experience was ebay. RetoSwap took some effort to get running, spent a day on install plus another wrestling with SimpleX to reach arbitrators and figuring out nostr. Now I've knocked out about ten trades buying XMR and mostly it's been smooth. Ran into my first snag over Easter, watch out you only get forty-eight hours to respond, but we sorted it. Thin order books don't bug me since I'm never in a rush and someone always shows up eventually. Can't verify the privacy stuff myself since like I said I'm just a regular guy doing bank transfers. Not trying to hide anything sketchy, but privacy matters and I'm not surrendering it. Think P2P is where we're headed, and I'd tell people to check out RetoSwap.

Apr 14, 2026

a aggregate_x-ray_8770 ★★★★★

The go-to peer-to-peer DEX. Been riding with them since day one.

Feb 9, 2026

a accursed_relish_1857 ★★★★★

Most practical DEX P2P setup we use. TOR syncing drags occasionally but still holds up dependably. Excited for what's coming next.

Feb 3, 2026

d deviant_mitten_5520 ★★☆☆☆

Everything was fine until the latest update. Installing 1.2.3 somehow deleted the entire parent directory of my chosen folder, wiping out critical data I had stored there. The only way to reach them about bugs is through a SimpleX chat, which is ridiculous. Watch out during setup—make a dedicated folder straight on your drive and cross your fingers nothing else disappears.

Jan 29, 2026

u unchecked_fireside_3617 ★★★★★

Hands down the greatest P2P experience out there, and huge shoutout to kycnot.me for being so helpful too.

Jan 21, 2026

f flushed_gown_4653 ★★★★★

Nothing beats this platform. Really hoping xmr catches on more so retoswap gets deeper liquidity.

Jan 12, 2026

m melodramatic_clamor_6968 ★★★★☆

Pulled off several trades with no verified payment method needed. Had a blockchain hiccup that froze my funds, but the arbitrator sorted it out in under a day.

Oct 15, 2025

t third-floor_tread_905 ★☆☆☆☆

Nearly fell for a scam myself—seriously watch your back on here. No clue why everyone keeps praising this place when it's crawling with shady sellers.

Oct 4, 2025

f fearsome_mortgage_3797

Gave RetoSwap a shot since it markets itself as private and no-KYC, but walked away with some concerns. Liquidity is pretty thin so matching orders was tough, and trades dragged on longer than expected. Also noticed some privacy claims and feature listings on KYCnot.me have shifted over time, which makes me wonder about their consistency and whether they'll stick around. Love the concept, but I'd need to see clearer policy communication, actually open-source code you can verify, and better liquidity before I'd trust it with serious money. For now I'd stick to small test amounts.

Oct 2, 2025

n nthpyrodev ✅ (Support at KYUN) ★★★★★

Completed multiple trades successfully even though my payment method wasn't verified. Ran into a fund release problem caused by blockchain reorgs, but the arbitrator fixed it within a day.

Sep 9, 2025

s smoldering_clustering_7161 ★★★★★

Solid experience—it's basically a bisq clone built on haveno.

Sep 3, 2025

d dissimilar_pottery_6095

Been doing fiat and cash trades with various people since the platform launched. Never once needed to call in an arbitrator. Would suggest putting up an offer for your area so others see there's activity and feel comfortable joining in.

Aug 7, 2025

m macabre_holly_6537 ★★★★★

Sparse liquidity and that initial signature requirement are real pain points. Then again, that's pretty much expected with this kind of setup. On the flip side, zero KYC obviously, and the actual trading flow is way smoother than what I remember from LocalMonero.

Jul 31, 2025

c crumbling_jowl_8867 ★★★★★

Just did my first crypto trades ever this week and was bracing for a nightmare of scams and confusion. The more I figured out how things work here though, the more confident I got. Sold XMR for CAD twice without issues, though my second trade ran almost the full 24 hour window. Yeah liquidity between Monero and Canadian dollars is pretty weak, but that's not an excuse to avoid it—that's exactly why more people should jump in! Best platform around, it just needs more users like you.

Jul 30, 2025

g glorious_productivity_8263 ★★★★★

Top-notch service all around. They're on time, professional, and actually honest.

Jul 30, 2025

n non-Communist_noose_9065 ★★★★★

Great support and smooth service. Heads up for Arch users—you can install through AUR even though they don't mention it on the website. https://aur.archlinux.org/packages/retoswap

Jul 28, 2025

m masked_subculture_9735 ★★★★★

Converted over 8k euros into monero so far with zero KYC hassle. Fully recommend.

Jul 24, 2025

i invading_atom_8819 ★★★★★

Basically Bisq but built for Monero instead of Bitcoin. User base is still small but that'll shift eventually. Really slick platform. The catch is needing XMR upfront for a security deposit, which sucks when you're trying to buy your first Monero.

Jul 22, 2025

p picturesque_sheepskin_1472 ★★★★★

Fantastic exchange! Moved plenty of monero for euros and haven't hit a single snag.

Jul 7, 2025

d dignified_murder_2444 ★★★★★

For anyone in Europe, this is the ultimate way to trade Monero. Done solid volume on Retoswap over the past year completely trouble-free. Way more anonymous than bisq for xmr and fiat since payments are basically untraceable to chain activity. Cheaper and quicker too since Monero is the base pair rather than Bitcoin.

Jul 3, 2025

i intoxicating_samovar_4245 ★★★★★

Currently the strongest fiat gateway for Monero out there. Serious tool. Runs on Haveno, which forked from Bisq but centers on monero. Only downside is needing existing XMR for the security deposit.

Jun 29, 2025

b bony_zealot_6833

Trading on both Haveno and OM right now, and Haveno feels a bit more trustworthy with its 2-of-3 multisig protecting active deals. Would love to see numbers on open offers versus actually moving trades to gauge real protected liquidity. Can't locate that stat on haveno.markets though. Also, could you add a 'Multi-signature Trades' field with a 5-point trust score?

Jun 27, 2025

r rubbery_cabal_2625 ★★★★★

Retoswap user since the very beginning last year. Every single trade has gone off without a hitch. Rock-solid Haveno network.

Jun 26, 2025

S Swapuz ✅ (Support at Swapuz) ★★★★★

RetoSwap is my go-to for trading crypto without leaving a paper trail. Built on Haveno with Monero and Tor baked in, so you know they actually care about keeping things under wraps.

Jun 13, 2025

Related services

Bisq

bisq.network

10.0

/ 10

P2P Exchange

Bisq is a fully non-custodial, open-source peer-to-peer exchange that lets users trade Bitcoin and Monero for fiat or crypto without any identity verification, registration, or central server.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›Non-custodial

RoboSats

robosats.org

10.0

/ 10

P2P Exchange

RoboSats is a privacy-first, Tor-native P2P exchange that lets users swap Bitcoin and Lightning for fiat currencies without registration, KYC, or custody risk.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›Non-custodial

BasicSwap

kycnot.me/service/basicswap-beta

10.0

/ 10

Exchange P2P

BasicSwap enables trustless, cross-chain atomic swaps between Bitcoin, Monero and other assets without custody, accounts or KYC, though its technical setup remains a barrier for casual users.

L1 Anonymous

XMR BTC LN FIAT CASH

›Tor available ›Open source ›Non-custodial