The database of the Hong Kong-based transaction network Mixin Network suffered a hacker attack that resulted in the loss of approximately $200 million in customer funds. The project operated a wallet service for transferring digital assets and marketed itself as decentralized.
Another hack in the hundred-million-dollar range is hitting the crypto industry. This time, it affected the lesser-known Western transaction service Mixin Network. According to the company's website, Mixin develops "open-source software where security, privacy, and decentralization always come first." The significant loss of customer funds due to a database attack raises questions about these principles.
Mixin's cloud service provider suffers a hack
Mixin revealed the $200 million hack through a Twitter post. The cloud service provider for the wallet service was targeted by hackers, resulting in the loss of "some assets." Mixin has reached out to Google and the blockchain security company SlowMist to assist with the investigation. Initial assessments suggest that the stolen funds amount to approximately $200 million. As a result, Mixin temporarily suspended deposits and withdrawals. Founder Feng Xiaodong will address the incident and explain the next steps in a livestream in Mandarin later in the day.
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network's cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team…
— Mixin Kernel (@MixinKernel) September 25, 2023
Decentralized service storing private keys in the cloud?
The loss of customer funds raises questions about the alleged decentralization of the Mixin network. The project describes itself as a lightning-fast peer-to-peer transaction network for digital assets. Since its launch in 2017, customers have deposited over a billion USD into Mixin. The protocol's flagship product is the wallet software "Mixin Messenger," which is supposed to be self-custodial. Other services include a proprietary smart contract platform and a decentralized key management protocol.
It is currently unclear which of these protocols was affected by the hack. In general, however, holding customer funds in the cloud contradicts the principle of decentralization. Blockchain technology allows assets to be stored offline, where they should be protected against attacks on cloud infrastructure. Storing private keys in the cloud is generally considered an absolute no-go. The stolen assets primarily consist of Ether ($100 million), Bitcoin ($25 million) and stablecoins ($25 million).