26th September 2023 – (Hong Kong) On Monday, Mixin Network, a cryptocurrency firm, revealed that hackers had stolen approximately US$200 million from their platform, making it the largest crypto theft of the year so far. The incident occurred early on Saturday, and Mixin attributed the breach to an attack on the database of their network’s cloud service provider.
Mixin, headquartered in Hong Kong, operates as a network for digital asset transfers and boasts a user base of one million individuals. The company took to the social media platform X (formerly Twitter) to inform users that while withdrawals were temporarily disabled, transfers were unaffected. Services will resume once the vulnerabilities are addressed, and Mixin plans to announce a solution for handling the lost assets.
The stolen amount of US$200 million ranks the hack as the tenth largest crypto theft in history based on the volume of cryptocurrency stolen. Additionally, it marks the most significant incident in the crypto space in 2023, according to Elliptic, a blockchain research firm.
Last year, hackers managed to pilfer cryptocurrencies worth up to US$3.8 billion, making it the worst year on record for such thefts, as reported by blockchain researchers Chainalysis.
The Mixin team has engaged the assistance of leading blockchain security company SlowMist and the Google Cloud platform to conduct an ongoing investigation into the hack. The collaboration aims to identify the culprits responsible and assess the impact on the network.
Despite the substantial breach, Mixin’s core cryptocurrency, XIN, has not experienced a significant decline. Currently, the XIN token has seen a 6% decrease in value, trading at around US$193 on exchanges, approaching its lowest point in 2023. Notably, key network metrics have remained relatively stable due to the suspension of operations, with an aggregated Total Value Locked (TVL) of US$394 million, positioning Mixin Network among the top 10 smart contract platforms.
Various theories have emerged within the crypto community regarding the nature of the attack. Some speculate that a cloud service provider may have been responsible for the security of key storage, while others mockingly refer to “database issues” that allegedly led to the substantial loss of assets. Additionally, discussions about a potential North Korean hacker or insider manipulation, known as a “rug pull,” are circulating on X.