Mixin suspends deposits and withdrawals after $200m cryptocurrency heist • The Register
Mixin Network, a Hong Kong-based cryptocurrency firm, has temporarily suspended all deposit and withdrawal services after hackers managed to breach their database and steal approximately $200 million in funds. The incident occurred on Saturday morning when the database of Mixin Network’s cloud service provider was attacked. The company did not disclose the identity of the cloud service provider involved in the breach. Mixin has enlisted the help of Google and blockchain security company SlowMist to investigate the incident. SlowMist confirmed its involvement and the amount stolen in a social media post, while Google-owned Mandiant is assisting with the cleanup.
The company has assured its users that transfers are not affected during the suspension period. Mixin stated that it would reopen its services once the vulnerabilities are confirmed and fixed. The team also pledged to announce a solution for dealing with the lost assets after addressing the breach. Mixin founder Feng Xiaodong will discuss the incident in a Mandarin livestream, which will be summarized in English after the broadcast. The company expressed regret over the incident and is committed to minimizing the losses suffered by its users.
Mixin Network’s platform is based on open-source software and supports 48 public blockchains. The company claims to have one million users and approximately $1 billion in assets, although the stolen funds will result in a significant decrease in its holdings. The hack serves as a reminder of the inherent vulnerabilities in open-source banking, according to KnowBe4 Security Awareness Advocate James McQuiggan. He emphasized that cybercriminals will always target the money, whether it is in the form of cryptocurrency or traditional currency. McQuiggan also highlighted the long-term impact such breaches have on trust, which can take years to rebuild.
This incident follows a series of cryptocurrency heists in Hong Kong. Just a week earlier, Elliptic attributed a $54 million heist against another Hong Kong exchange, CoinEx, to North Korea’s Lazarus Group. The Lazarus Group has reportedly stolen nearly $240 million through five separate hacks over the past 104 days. Companies like Atomic Wallet, CoinsPaid, Alphapo, and Stake.com were among its victims. The FBI also issued an alert in August, warning that the same government-backed cryptocurrency thieves may attempt to liquidate a stash of stolen Bitcoin worth over $40 million from several recent robberies.
