Mixin Network, a decentralized finance (DeFi) project based in Hong Kong, recently fell victim to a major cyber-attack, resulting in the loss of approximately $200 million in cryptocurrency. This incident has quickly become one of the largest hacks targeting a web3 platform.
The attack on Mixin Network’s cloud service provider database was confirmed by the project on September 25, 2023. In a public statement posted on X (formerly known as Twitter), Mixin Network acknowledged the breach and expressed that deposit and withdrawal services were temporarily suspended. The team assured users that transfers would not be affected during this period. Mixin Network also stated that it had reached out to Google and the blockchain security company Slow Mist to assist in the investigation.
The founder of Mixin, Feng Xiaodon, later provided an update via a livestream from Hong Kong, addressing the situation and offering guidance to affected users. Although the initial communication was conducted in Mandarin, Mixin promised to publish English summaries shortly after.
Following the hack, DeFi dashboard DeFi Llama reported that Mixin Network had lost around $30 million in total value locked (TVL). TVL is a metric used to measure the total value of digital assets locked or staked in a specific platform. This loss in value highlights the significant impact of the attack on Mixin Network’s infrastructure.
The Mixin protocol, along with its XIN token, was launched in 2017 to facilitate cross-chain transactions. It allows users to easily send and receive assets between different blockchains without worrying about exchange rates or fees. Currently, more than 10,000 decentralized applications (DApps) worldwide rely on Mixin for their operations.
In response to the attack, numerous voices within the crypto community have expressed concerns about the heavy reliance on a cloud service provider database by a supposedly decentralized infrastructure like Mixin Network. Criticisms regarding the overall security of decentralized platforms have also surfaced in the aftermath of the breach.
This incident marks the fifth-largest cyber-attack on cryptocurrency assets outside of crypto exchanges. The top four attacks occurred within the past two years and include Ronin Network ($624 million) in March 2022, Poly Network ($611 million) in August 2021, BNB Bridge ($586 million) in October 2022, and Wormhole ($326 million) in February 2022. The Mixin hack now joins this unfortunate list, highlighting the ongoing challenges that the cryptocurrency industry faces when it comes to securing digital assets.
Despite attempts to seek information and comment from Mixin Network, the project has not responded to inquiries regarding the incident.
The Mixin hack serves as a stark reminder of the importance of robust security measures within the cryptocurrency space. As the industry continues to evolve, addressing vulnerabilities and strengthening infrastructure will be crucial to safeguarding digital assets and maintaining trust within the ecosystem.
