Mixin Network Offers $20M Bug Bounty
Mixin Network, a cross-chain transactional network, faces a $200 million security breach but offers a $20 million bug bounty to the exploiter.
Mixin Network, a cross-chain transactional network for digital assets, recently faced a massive security breach, wiping out $200 million. The company has offered a substantial $20 million bug bounty to the exploiter.
On September 23, 2023, Mixin Network suffered a significant attack, resulting in a loss of $200 million. The Hong Kong-based crypto firm was quick to respond, temporarily halting deposit and withdrawal services to its customers. This was done as a precautionary measure to ensure that the vulnerabilities leading to the breach were adequately addressed.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network's cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team… — Mixin Kernel (@MixinKernel) September 25, 2023
Mixin has not provided comprehensive information regarding the exploit's causes, but an on-chain analytics platform has shed light on the hacker's prior interactions with Mixin Network. In 2022, the address linked to the hacker, 0x1795, received 5 Ether (ETH) from Mixin.
In an unexpected move, Mixin Network reached out to the exploiter with an offer. The company publicly communicated to the hacker via Etherscan, stating, "Most of our platform assets were users', and we hope you can refund them. You can keep $20M of the assets as a BUG Bounty Reward for the BUG."
Following the breach, Mixin Network sought external assistance to investigate the incident. The blockchain security company, SlowMist, was roped in to aid with the investigation. The Mixin team, in subsequent communications, reassured its user base, stating that the situation was "much more optimistic than expected" after completing the asset tally work. The company also clarified that the asset losses were not as significant as initially estimated.
The first time the incident occurred, we contacted Google (Mandiant) and blockchain security company @SlowMist_Team to assist with the investigation.
After several days, we have completed most of the asset tally work, and the situation is much more optimistic than… https://t.co/ySOHCkGK7t — Mixin Kernel (@MixinKernel) September 27, 2023
Mixin Network's founder, Feng Xiaodong, addressed the community in a live stream, shedding light on the breach and the company's future plans.
“Regarding the asset losses, we can only take responsibility through action besides apologizing. At the same time, being responsible has always been Mixin's attitude. Specific reimbursement rules still need some time.”
He mentioned that the platform could ensure the security of at least 50% of the assets. The company also hinted at a potential solution to address the lost assets, which would be announced at a later date.