Web3 Platform Mixin Network Hit by $200m Crypto Hack

Hong Kong-based decentralized finance (DeFi) project Mixin Network lost around $200m in cryptocurrency in what could already be one of the biggest hacks targeting a web3 platform.

Mixin Network confirmed the attack on September 25, 2023, in a public statement posted on X (formerly known as Twitter).

The statement explained that attackers compromised Mixin’s cloud service provider database on September 23, resulting in the loss of around $200m in cryptocurrency.

“Deposit and withdrawal services on Mixin Network have been temporarily suspended [and] will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected,” Mixin said.

“We have contacted Google and blockchain security company Slow Mist to assist with the investigation.”

Mixin Lost $30m of Its Value

A public update by Mixin’s founder Feng Xiaodon was live-streamed from Hong Kong – and in Mandarin – on September 25, in which he explained how to deal with the lost assets to the platform’s users.

Mixin said they would publish summaries in English shortly afterward.

According to DeFi dashboard DeFi Llama, Mixin lost around $30m in total value locked (TVL), a metric used to measure the total value of digital assets locked or staked in a particular platform.

Mixin’s total value locked (blue) and XIN token price (pink). Source: DeFi Llama
Mixin’s total value locked (blue) and XIN token price (pink). Source: DeFi Llama

The Mixin protocol and its XIN token were launched in 2017 to provide support for cross-chain transactions, meaning that users can easily send and receive assets between different blockchains without having to worry about exchange rates or fees. They are used by around 10,000 decentralized applications (DApps) worldwide.

Top Five Crypto Hacks

Many voices from the crypto community have expressed concern and frustration about the incident, criticizing the fact that a so-called decentralized infrastructure relies so heavily on a cloud service provider database.

The Mixin hack is the fifth most significant cyber-attack targeting cryptocurrency assets outside of crypto exchanges, with the top four happening over the past two years:

  1. Ronin Network in March 2022 ($624m)
  2. Poly Network in August 2021 ($611m)
  3. BNB Bridge in October 2022 ($586m)
  4. Wormhole in February 2022 ($326m)

Mixin Network was contacted by Infosecurity but did not respond to requests for comment on this issue.

What’s hot on Infosecurity Magazine?