Mixin Network, a decentralized cross-chain protocol, in a message to the hacker behind the $200 million exploit on Sept. 23 has offered a $20 million bug bounty for the return of the remaining funds.
Mixin Network encrypted the message with the exploiter transaction requesting the exploiter to return the funds as the majority of the stolen funds were user assets.
“Most of our platform assets were users, and we hope you can refund them. You can keep $20M of the assets as a BUG Bounty Reward for the BUG.”
Mixin Network confirmed the exploit on Sept. 25 claiming the exploiters managed to breach a third-party cloud service provider resulting in the theft of nearly $200 million of assets from the platform.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
Feng Xiaodong, the founder of Mixin, said at the time that the company would reimburse affected users up to a “maximum of 50%,” with the remaining amount being handed back in bond tokens that the business would then repurchase with its earnings.
Mixin is yet to offer full details about what led to the exploit but an on-chain analytic platform highlighted a history of the hacker’s interactions with Mixin Network. The hacker-associated address 0x1795 received 5 ETH from Mixin in 2022.
While it is still unclear how the exploiters managed to steal $200 million worth of assets through a data breach, cross-chain protocols in the decentralized finance space have been the target of some of the biggest exploits in crypto history. One report indicates more than half of all DeFi exploits occur on cross-chain protocols resulting in losses of over $2.5 billion.
Cross-chain protocols help in interoperability between different chins allowing users to send assets from one blockchain to another. Thus, these cross-chain protocols often hold a significant amount of assets from multiple chains, making them vulnerable to such exploits.