Hong Kong-based decentralized finance (DeFi) project Mixin Network lost around $200m in cryptocurrency in what could already be one of the biggest hacks targeting a web3 platform.
Mixin Network confirmed the attack on September 25, 2023, in a public statement posted on X (formerly known as Twitter).
The statement explained that attackers compromised Mixin’s cloud service provider database on September 23, resulting in the loss of around $200m in cryptocurrency.
“Deposit and withdrawal services on Mixin Network have been temporarily suspended [and] will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected,” Mixin said.
“We have contacted Google and blockchain security company Slow Mist to assist with the investigation.”
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
Mixin Lost $30m of Its Value
A public update by Mixin’s founder Feng Xiaodon was live-streamed from Hong Kong – and in Mandarin – on September 25, in which he explained how to deal with the lost assets to the platform’s users.
Mixin said they would publish summaries in English shortly afterward.
According to DeFi dashboard DeFi Llama, Mixin lost around $30m in total value locked (TVL), a metric used to measure the total value of digital assets locked or staked in a particular platform.
The Mixin protocol and its XIN token were launched in 2017 to provide support for cross-chain transactions, meaning that users can easily send and receive assets between different blockchains without having to worry about exchange rates or fees. They are used by around 10,000 decentralized applications (DApps) worldwide.
Fifth Largest Crypto Infrastructure Hack
Many voices from the crypto community have expressed concern and frustration about the incident, criticizing the fact that a so-called decentralized infrastructure relies so heavily on a cloud service provider database.
The Mixin hack is the fifth most significant cyber-attack targeting cryptocurrency assets outside of crypto exchanges, with the top four happening over the past two years:
- Ronin Network in March 2022 ($624m)
- Poly Network in August 2021 ($611m)
- BNB Bridge in October 2022 ($586m)
- Wormhole in February 2022 ($326m)
Mixin Network was contacted by Infosecurity but did not respond to requests for comment on this issue.
https://www.infosecurity-magazine.com/news/web3-platform-mixin-200m-dollars/
