Decentralized peer-to-peer network Mixin Network has lost approximately $200 million in a hack involving the compromise of the database of a third-party cloud service provider.
On Sept. 25, Mixin Network confirmed that a hack conducted two days ago — on Sept. 23 — drained approximately $200 million worth of crypto assets from its mainnet. An immediate suspension of all deposit and withdrawal services on Mixin Network followed the revelation.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
Mixin Network appointed blockchain investigator SlowMist as well as Google to help investigate the hack as the Mixin team attempts a recovery. At the time of the hack, Mixin held $94.48 million in Ether (ETH), $23.55 million in DAI (DAI) and $23.3 million in Bitcoin (BTC), according to a separate investigation conducted by PeckShield. The total portfolio amounted to $141.32 million.
Deposits and withdrawals on Mixin Network will recommence “once the vulnerabilities are confirmed and fixed.” The plans to recover the lost assets for users were not announced immediately.
While it was initially promised that Mixin founder Feng Xiaodong would explain this incident in a public Mandarin live stream at 1:00 AM ET (1:00 PM HKT) on Sept 25, links to the live stream were not provided on official social media channels such as X (formerly Twitter) or its official website mixin.network.
Mixin Network did not respond to Cointelegraph’s request for comment at the time of writing.
Ethereum co-founder Vitalik Buterin recently suffered a hack that compromised his social media profile on X.
Buterin confirmed that he fell victim to a SIM swap attack after “someone socially-engineered T-mobile itself to take over my phone number.” SIM swap or simjacking attacks aim to control the victim’s mobile number and use two-factor authentication (2FA) to access social media, bank, and crypto accounts.