- The breach is linked to the compromise of a third-party cloud service provider’s database.
- In response to the breach, Mixin Network suspended all deposit and withdrawal services
Mixin Network, a decentralized peer-to-peer network designed to address blockchain scalability challenges, has fallen victim to a significant cyberattack resulting in the loss of nearly $200 million in crypto assets. The breach, which occurred on September 23, was attributed to the compromise of a third-party cloud service provider’s database. This revelation led Mixin Network to promptly suspend all deposit and withdrawal services in response to the breach.
To investigate the hack and explore potential recovery options, Mixin Network has enlisted the assistance of blockchain investigator SlowMist and tech giant Google. At the time of the hack, the network held a substantial portfolio, including $94.48 million in Ether (ETH), $23.55 million in Dai (DAI), and $23.3 million in Bitcoin (BTC), as revealed in an investigation conducted by PeckShield. In total, the compromised assets amounted to $141.32 million.
An independent investigation conducted by Web3 SaaS analytics platform 0xScope shed light on the hacker’s historical interactions with Mixin Network. In 2022, the address 0x1795, linked to the hacker, received 5 ETH from Mixin Network, subsequently deposited into Binance.
Mixin Network operates as a layer-2 protocol, aiming to streamline cross-chain transfers by making them more cost-effective and efficient. However, it has drawn criticism for its reliance on a centralized database, creating a single point of failure that hackers exploited during this breach.
0xScope analysts have also noted that the hacker converted the stolen Tether (USDT) to Dai (DAI) to potentially avoid any freezing of the funds. Mixin Network has committed to resuming deposits and withdrawals only once vulnerabilities are confirmed and fixed. However, specific plans for recovering the lost assets for affected users have not been immediately disclosed.