Mixin 923 Hacker Incident Disclosure and Progress
(Updated April 09, 2024)
Incident Explanation
Mixin Network experienced a hack attack on September 23, 2023. The main assets targeted in this attack were ETH, BTC, and USDT-ERC20, and other coins also suffered losses. The addresses associated with the three main hackers are as follows:
- https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c
- https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes
- https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e
The primary cause of the incident was the hacker's penetration into the Google Cloud Services relied upon by Mixin for withdrawals, exploiting a software vulnerability to construct a large number of unauthorized withdrawal requests.
Incident Handling
Investigation and Tracking
Upon discovering a large number of abnormal withdrawals, we immediately halted all deposit and withdrawal services on the network. Other measures taken include:
- Contacting blockchain security companies like Slowmist for on-chain tracking.
- Hiring the Google Mandiant team to assist in investigating the hack into Google Cloud Services.
- Announcing a $20 million reward for the return of the stolen assets.
As of now, the stolen assets remain in the addresses without being moved, and the cause of the breach is still under investigation.
Debt Assessment
After assessing the stolen assets, the team's existing funds, and communicating with the community, major holders, and investors, and considering Mixin's huge potential for future development, the following is announced:
- The Mixin team will use existing funds to cover some or all losses for different affected coin types.
- Losses in BTC, ETH, and USDT-ERC20 that cannot be covered will be converted into a fixed debt based on their dollar value at the time of theft, totaling $153 million in debt. The Mixin team commits to repaying 100% of this debt. The table below details this:
| Coin | Loss | Assessment Price | Total Assessment | Example |
|---|---|---|---|---|
| BTC | 10% | 26569 USD | 30,000,000 USD | Old system 1 BTC ⇒ New system 0.9 BTC + 2656.9 USD debt |
| ETH | 70% | 1592.74 USD | 100,000,000 USD | Old system 1 ETH ⇒ New system 0.3 ETH + 1114.918 USD debt |
| USDT-ERC20 | 90% | 1 USD | 23,000,000 USD | Old system 1 USDT-ERC20 ⇒ New system 0.1 USDT-ERC20 + 0.9 USD debt |
- If the hacker returns the assets in the future, the assets will be distributed among all users holding the corresponding debt.
Debt Claim
Currently, 16,143 individuals have registered their debts, of which 90% having completed the debt claim process. Users with debts under $100 can exchange them for XIN for immediate repayment.
Repayment Plan
- 50% of users who have registered their debts have received immediate repayment through exchanging XIN tokens.
- Participate in forming the Mixin Autonomous Organization, with 150,000 XIN (currently valued at approximately $40 million) as a basis to develop the Mixin ecosystem and compensate debt holders.
- Income generated from a series of Mixin team-developed products and investments, such as Mixin Safe, Mixin Wealth, Mixin Route, and Mixin Messenger — apart from retaining team expenses and development funds — will be used entirely for debt repayment, with a detailed plan expected to be announced in July-August.
Recovery Progress
Ecosystem Recovery Progress
- Mixin Network launched a new mainnet on October 27, 2023, which has been running smoothly since then, with node rewards being distributed as usual.
- Mixin Safe https://safe.mixin.one completed its first security audit, newly supporting Ethereum and Polygon networks. It has also introduced features such as address book and co-managers, with significant optimizations made to details and processes.
- Mixin Messenger now supports deposits and withdrawals for all mainstream coins, having iterated over 40 versions since 923 incident, supporting asset migration, and debt token distribution.
- Mixin Route's fiat purchase function has been fully restored.
- ExinOne and ExinPool related flash trading, limited order trading, regular investments, loans, and Staking functions have been fully restored.
- Pando Swap's trading, limited order trading, and liquidity management functions have been fully restored.
- BOX community, purchasing, and redemption have been fully restored.
- The decentralized web3 cross-chain payment protocol MixPay has been fully restored.
- BigONE's trading bot order, quantification, and flash exchange have been fully restored.
- The third-party blockchain explorer ViewBlock now supports data display for the new Mixin mainnet.
Network Asset Withdrawal Recovery Progress
| Blockchain | Status | Recovery Date |
|---|---|---|
| TRON | ✅ | 20231122 |
| Litecoin | ✅ | 20231213 |
| Dogecoin | ✅ | 20231214 |
| Bitcoin | ✅ | 20231215 |
| Polygon | ✅ | 20231218 |
| Ethereum | ✅ | 20231221 |
| MobileCoin | ✅ | 20231229 |
| BNB Smart Chain | ✅ | 20240101 |
| EOS | ✅ | 20240102 |
| Ripple | ✅ | 20240105 |
| Bitcoin SV | ✅ | 20240108 |
| Bitcoin Cash | ✅ | 20240108 |
| Dash | ✅ | 20240108 |
| Horizen | ✅ | 20240109 |
| Filecoin | ✅ | 20240112 |
| Monero | ✅ | 20240121 |
| Polkadot | ✅ | 20240125 |
| Siacoin | ✅ | 20240209 |
| Nervos | ✅ | 20240215 |
| Solana | ✅ | 20240216 |
| Toncoin | ✅ | 20240310 |
| Cosmos | ✅ | 20240401 |
| Akash | ✅ | 20240401 |
| Ravencoin | ✅ | 20240401 |
| Zcash | ✅ | 20240403 |
| Arweave | 🚗 | |
| Aptos | 🚗 | |
| NEAR | 🚗 | |
| Avalanche | 🚗 | |
| Algorand | 🚗 | |
| Kusama | 🚗 | |
| Stellar | 🚗 | |
| NEM | 🚗 | |
| Ethereum Classic | 🚗 |
Designed & Powered by Pando