Mixin Network Hacked for $200 Million
On September 23, an unknown attacker hacked Mixin Network’s cloud service provider and siphoned off around $200 million in digital assets.
?SlowMist Security Alert?
On September 23, the Mixin Network cloud service provider database was attacked, the amount of funds involved was ~ $200M.
SlowMist is assisting in the investigation. Please wait for @MixinKernel updates for more information.
— SlowMist (@SlowMist_Team) September 25, 2023
Following SlowMist’s analysis, protocol representatives also confirmed the incident.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
According to the statement, the network’s database was exploited. The developers temporarily suspended deposits and withdrawals.
BlockSec analysts said that a possible cause of the breach could be an attack on cloud services where the protocol stored private keys for custodial addresses. As a result, the attacker moved funds from about 10,000 wallets in descending order by balance.
Regarding the @MixinKernel security incident, we have the following findings.
First, a large number of deposit addresses have been drained. The attacker transferred funds in order from the highest to the lowest balance, involving 10,000+ transactions, lasting several hours.…
— BlockSec (@BlockSecTeam) September 25, 2023
Preliminary data indicate that some of the compromised addresses were Mixin hot wallets. The keys to them were likely stored in the cloud with recoverability.
Mixin Network is a peer-to-peer network for cryptocurrencies designed to scale and accelerate transactions. The protocol supports Bitcoin, Ethereum and several other popular coins.
According to the July report, the value of the network’s 100 largest assets is just over $1.1 billion.
Founder Feng Xiaodong of Mixin will discuss the incident in a live broadcast on the evening of September 25, as the project team continues its investigation.
The protocol’s developers offered the hacker a reward of 10% of the stolen funds for their return.
«Most of the assets on our platform belonged to users, and we hope you can return their money. You may keep coins worth $20 million as a bounty for discovering the vulnerability», — said in the message attached to the transaction to the attacker’s address.
Spot the error: the database of a decentralized network got hacked
— Hope (@btctbtctb) September 25, 2023
«Find the mistake: the database of a decentralised network was hacked», wrote one user on X.
Earlier in September, the DeFi project Linear Finance stated that it had suffered an attack, resulting in the loss of all liquidity in the stablecoin ℓUSD on PancakeSwap and Ascendex platforms.
Earlier Balancer announced a frontend breach. The loss was reportedly around $238,000.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!