Cross-chain cryptocurrency transfer service Mixin has suffered a catastrophic hack leading to a loss of $200m. Since the breach, the company has temporarily suspended its deposit and withdrawal services. The attack was apparently carried out through the database of Mixin Network’s cloud service provider.
A decentralised network that allows users to transfer digital assets, Mixin claimed in July to have more than one million users. It has its own currency, referred to as the Mixin, or XIN, which saw its value crater today as news of the breach spread.
The company said it has engaged Google-owned security companies SlowMist, which specialises in cryptocurrency security, and Mandiant to help navigate the breach. The name of Mixin’s cloud provider has not been disclosed. Tech Monitor has contacted Google Cloud to see if Mixin uses its infrastructure, but has not received a response at the time of writing.
Mixin announced the breach through a statement on X. “After initial verification, the funds involved are approximately $200m,” the statement says. “Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed.”
Mixin founder Xiaodong Feng held a discussion with users on Monday to outline measures taken by the company in the wake of the hack. He explained that the “core asset” stolen was Bitcoin. Developers would compensate users “up to a maximum of 50%” for the theft, with the remainder distributed to the victims as “tokenized liability claims” Mixin would in time repurchase these with its “future profits”.
Data released by blockchain company Rekt shows that the Mixin hack is the biggest cryptocurrency heist so far in 2023, overtaking cryptocurrency lending platform Euler, which was hacked in March resulting in the loss of $197m worth of cryptocurrency.