Mixin Network Suffered $200M Breach
Mixin Network's database breach leads to $200 million loss, prompting temporary suspension of services. Investigation underway with assistance from SlowMist.
On September 23, Mixin Network's cloud service provider's database was compromised, leading to a loss of assets on its mainnet. The affected funds were estimated to be around $200 million. Mixin Network, a decentralized wallet service provider, supports 48 public blockchains and features a combined network asset value exceeding $1 billion.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network's cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team… — Mixin Kernel (@MixinKernel) September 25, 2023
At the moment of the breach, Mixin Network took quick action. Deposit and withdrawal services were temporarily suspended, although asset transfers within the network remained unaffected. The company enlisted the expertise of blockchain security firm SlowMist to aid in the investigation.
????SlowMist Security Alert????
On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~ $200M.
SlowMist is assisting in the investigation. Please wait for @MixinKernel updates for more information. — SlowMist (@SlowMist_Team) September 25, 2023
An autonomous inquiry conducted by the Web3 SaaS analytics platform 0xScope uncovered a prior association between the hacker and Mixin Network. During 2022, the wallet address 0x1795, which has been associated with the hacker, received a 5 ETH transfer from Mixin Network and subsequently deposited it into Binance.
Hacker's address 0x1795 was previously used to receive ETH from Minix
As per an analyst from 0xScope, the hacker opted to swap Tether (USDT) into DAI to mitigate the risk of the funds being frozen.
An address connected to the recent $200M @MixinKernel #hack received 5 $ETH from the platform last year and deposited 5.9 $ETH on #Binance soon after.
Also, the hacker then swapped $USDT for $DAI to avoid being frozen.
See how the hackers used addresses in the Mixin attack below pic.twitter.com/x3rfyMAv5W — 0xScope (???? . ????) (@ScopeProtocol) September 25, 2023
Furthermore, Mixin's founder, Feng Xiaodong, scheduled a public Mandarin livestream on September 25 to discuss the incident. The company also committed to providing an English content summary for a global audience. The Mixin team expressed their determination to minimize losses and apologized for the incident.
One of the critical discussions that emerged post-breach was Mixin Network's reliance on a centralized database. Critics pointed out that for a platform that champions decentralization, such a dependency creates a single point of vulnerability.
The aftermath of the breach was immediately felt in the market. Mixin Network's native cryptocurrency, XIN, faced significant selling pressure. As of the latest data, XIN was trading at $192.46, with a market capitalization of $115 million.