Bitcoin Forum

Economy => Service Discussion => Topic started by: BABY SHOES on September 25, 2023, 06:01:19 AM



Title: Mixin Network hacked - $200 Million lost
Post by: BABY SHOES on September 25, 2023, 06:01:19 AM
https://www.talkimg.com/images/2023/09/25/PAHv5.jpeg

Today's breaking news - that Mixin Network's cloud database has been attacked resulting in the loss of several mainnet assets and that's what the official statement on Twitter says.
[1] https://twitter.com/MixinKernel/status/1706139175018529139

It is said that the incident occurred on September 23, 2023 and only today the founder of Mixin Network held a press conference at the media in Hong Kong time to reveal this problem occurred.

SlowMist as the blockchain security advisor will continue to own this case and they will provide updates.
[2] https://twitter.com/SlowMist_Team/status/1706133260869468503

Quote
Deposit and withdrawal services on Mixin Network have been temporarily suspended.

Other sources
https://watcher.guru/news/hong-kongs-mixin-network-hack-leads-to-200-million-loss
https://www.coindesk.com/tech/2023/09/25/mixin-network-losses-nearly-200m-in-hack/


Title: Re: Mixin Network hacked - $200 Million lost
Post by: BitcoinGirl.Club on September 25, 2023, 06:08:33 AM
https://www.talkimg.com/images/2023/09/25/PAHv5.jpeg

Today's breaking news - that Mixin Network's cloud database has been attacked resulting in the loss of several mainnet assets and that's what the official statement on Twitter says.
[1] https://twitter.com/MixinKernel/status/1706139175018529139

It is said that the incident occurred on September 23, 2023 and only today the founder of Mixin Network held a press conference at the media in Hong Kong time to reveal this problem occurred.

SlowMist as the blockchain security advisor will continue to own this case and they will provide updates.
[2] https://twitter.com/SlowMist_Team/status/1706133260869468503

Other sources
https://watcher.guru/news/hong-kongs-mixin-network-hack-leads-to-200-million-loss
https://www.coindesk.com/tech/2023/09/25/mixin-network-losses-nearly-200m-in-hack/
That's bad news for the business. I saw them on the forum and if I am not wrong then they have an active campaign too. As far as I can remember they hold only one key, so how is it possible to lose the assets if other keys are not exposed? The hacker definitely got the data of all these users.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: PX-Z on September 25, 2023, 06:16:31 AM
This is very unfortunate, I just found out about this news earlier via Mixin Messenger. With those figures, I assume that's, if not most, then all of their holdings.
I remember reviewing their service, the Mixin Safe. Good thing it wasn't up yet; although it was run with multisig, I don't know if it would be affected if it were already up by this moment.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: BABY SHOES on September 25, 2023, 06:21:16 AM
That's bad news for the business. I saw them on the forum and if I am not wrong then they have an active campaign too. As far as I can remember they hold only one key, so how is it possible to lose the assets if other keys are not exposed? The hacker definitely got the data of all these users.
I noticed that some were wearing Mixin Network signatures.
In their official thread there has not been any announcement, and the Mixin Network representative has been inactive for the past few days.
Their thread: https://bitcointalk.org/index.php?topic=5459401.60

I don't know how their system works, is it just one key? Or is it a platform that controls it?

According to the article the mixin network is worth $1.1 billion.
With the official report: https://mixin.network/blog/2023/mixin-network-monthly-report-no.53/

Some blame it on the fact that they rely on a cloud that is vulnerable to hacking, so all their customers' assets are stored as a third party?


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 25, 2023, 07:02:25 AM
I saw them on the forum and if I am not wrong then they have an active campaign too.
Yeah, there is an active signature campaign for mixin safe.
As far as I can remember they hold only one key, so how is it possible to lose the assets if other keys are not exposed? The hacker definitely got the data of all these users.
With how mixin safe operates, it is possible to mistake them for a multisig wallet, but they are not. When making a tx on mixin safe you'll need both the owner key and member's key, and they can also help you recover your wallet, but mixin safe is a custodial service with a centralized database and you lose control of your funds once you deposit it in a safe.
Some blame it on the fact that they rely on a cloud that is vulnerable to hacking, so all their customers' assets are stored as a third party?
Blame it on the fact that they have a single point of failure, and it has been exploited here, take note that mixin safe is a custodial service, so they control customers' funds.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Beerwizzard on September 25, 2023, 07:28:53 AM
The irony is that the big bold headline in the middle of Mixin website says "Secure Digital Assets and Messages on Mixin" and apparently it turned out that the platform itself is actually not secure.
It feels like everyone who is advertising his service with the accent on security or privacy is actually trying to fuck you up.  



Title: Re: Mixin Network hacked - $200 Million lost
Post by: Die_empty on September 25, 2023, 08:20:58 AM
That's bad news for the business. I saw them on the forum and if I am not wrong then they have an active campaign too. As far as I can remember they hold only one key, so how is it possible to lose the assets if other keys are not exposed? The hacker definitely got the data of all these users.
They have a running campaign and conducted one of the highest review campaigns in the forum. The Mixin review employed 100 members and paid the highest amount and members were even paid upfront. They have suspended both deposits and withdrawals which means customers will wait to get more information from the management.

The irony is that the big bold headline in the middle of Mixin website says "Secure Digital Assets and Messages on Mixin" and apparently it turned out that the platform itself is actually not secure.
It feels like everyone who is advertising his service with the accent on security or privacy is actually trying to fuck you up.   :)
It is better to take the risk of keeping your investment than to surrender it to a centralized firm. All those privacy adverts are just marketing strategies to attract customers. I have used their services, and although it was a little bit confusing everything worked perfectly. It is always important not to keep large funds in these custodian websites regardless of how trustworthy they look.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 25, 2023, 10:11:53 AM
The irony is that the big bold headline in the middle of Mixin website says "Secure Digital Assets and Messages on Mixin" and apparently it turned out that the platform itself is actually not secure.
They were not going to tell their potential customers that they would lose money if they used their service, were they? It is not just about mixin safe only, but centralized services and platforms that have a single point of failure, the management may not be malicious and they might just want to render a service to people and make profit, but once there is a single point of failure it becomes very vulnerable to hackers who can exploit it and steal either funds or personal data.

Wasabi now funds a blockchain analysis company to spy on utxo's before they are allowed to participate in their Coinjoin or not, but they advertise themselves as the ultimate privacy solution, Binance says funds are safu when they can be hacked at anytime, so yeah, it is just PR and it is left for people to do their research about whatsoever service they are using.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Beerwizzard on September 25, 2023, 12:35:28 PM
The irony is that the big bold headline in the middle of Mixin website says "Secure Digital Assets and Messages on Mixin" and apparently it turned out that the platform itself is actually not secure.
They were not going to tell their potential customers that they would lose money if they used their service, were they? It is not just about mixin safe only, but centralized services and platforms that have a single point of failure, the management may not be malicious and they might just want to render a service to people and make profit, but once there is a single point of failure it becomes very vulnerable to hackers who can exploit it and steal either funds or personal data.

Wasabi now funds a blockchain analysis company to spy on utxo's before they are allowed to participate in their Coinjoin or not, but they advertise themselves as the ultimate privacy solution, Binance says funds are safu when they can be hacked at anytime, so yeah, it is just PR and it is left for people to do their research about whatsoever service they are using.

Sure. It is always possible that centralized wallet get hacked and if it happens, the project's team will have to take all legal actions to repay their users if they can. However, the point is in kind of a "Fake it till you make it" attitude towards their marketing where the team makes a headline claiming their project is safe as fuck highlighting the highest level of security and getting hacked.

In case with Binance, funds are safu not because they say it, but because it is not possible to steal all funds (they are not so centralized) and all losses would be repaid by Binance simply because they are fucking rich and can afford doing so. There is no accent on hacking impossibility.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 25, 2023, 02:13:01 PM
In case with Binance, funds are safu not because they say it, but because it is not possible to steal all funds (they are not so centralized) and all losses would be repaid by Binance simply because they are fucking rich and can afford doing so. There is no accent on hacking impossibility.
Binance is a totally centralized exchange which can and has even been hacked previously, you are right that Binance hasn't had any 'major hacking' incident on its platform, but take note that no centralized exchange is too big to fail, not even Binance, and if a severe bank run happens in Binance for whatever reason or if Binance suffers a major hack, they would find it very hard to refund their customers.

You can only be sure of the security of your funds if you have adequately secured it in your self custody wallet, you should not trust a centralized exchange that operates through fractional reserve scam. If you store your funds in Binance, you better move it into your own self custody wallet.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: ajiz138 on September 25, 2023, 02:14:07 PM
They have a running campaign and conducted one of the highest review campaigns in the forum. The Mixin review employed 100 members and paid the highest amount and members were even paid upfront. They have suspended both deposits and withdrawals which means customers will wait to get more information from the management.
Shocking news!

I was one of the participants who took part in this review at that time, which was fine.
In other words, deposits and withdrawals are suspended - I checked in Mixin Messenger and Mixin Safe and there was no warning whatsoever when clicking received/deposit, I'm a little confused that they didn't actually completely disable deposits and withdrawals.

It is better to take the risk of keeping your investment than to surrender it to a centralized firm. All those privacy adverts are just marketing strategies to attract customers. I have used their services, and although it was a little bit confusing everything worked perfectly. It is always important not to keep large funds in these custodian websites regardless of how trustworthy they look.
Yes, it's better to HODL it yourself than to hand it over, still leave it to them, it's a third party, even if there's a hacking disaster, we can't do much even though it's a web custodian.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Faisal2202 on September 25, 2023, 04:52:00 PM
I was quite impressed by the Mixin network because I tested it out, but after hearing that they have been hacked and also lost $200 million, I am quite sad and impressed too. Because I did not think that the company would have gathered that much funds in their little timespan. I do know they are now new in the market, but we came to know about them recently.

I hope this is not another strategy to make themselves famous among others, because no other strategy would have gained them this much audience or attraction.

No wonder this strategy has drawbacks, but they are temporary; with time, things will be covered in dust and people will forget about it, and in some time, like 2 or 4 years after, people will start to use it as their first priority.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: AbuBhakar on September 25, 2023, 05:00:44 PM
I was quite impressed by the Mixin network because I tested it out, but after hearing that they have been hacked and also lost $200 million, I am quite sad and impressed too. Because I did not think that the company would have gathered that much funds in their little timespan. I do know they are now new in the market, but we came to know about them recently.

The Mixin Safe is their new product, but the Mixin company is not new, since they launched their IDO during 2017 and managed to get huge funds from VCs and other investors, since network projects at that time were very popular. This is really a huge loss since their company valuation is just 1B while the scam amount is 20% of their total assets, plus their brand will surely be tainted with criticism since they promote asset safety.

It's really sad what happened to them since they are very generous to the forum through their campaigns here. I just hope that they recover lost funds from hackers since chain analysis is good now for tracking scam tokens.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Faisal2202 on September 25, 2023, 05:03:55 PM
I was quite impressed by the Mixin network because I tested it out, but after hearing that they have been hacked and also lost $200 million, I am quite sad and impressed too. Because I did not think that the company would have gathered that much funds in their little timespan. I do know they are now not new in the market, but we came to know about them recently.

The Mixin Safe is their new product, but the Mixin company is not new, since they launched their IDO during 2017 and managed to get huge funds from VCs and other investors, since network projects at that time were very popular. This is really a huge loss since their company valuation is just 1B while the scam amount is 20% of their total assets, plus their brand will surely be tainted with criticism since they promote asset safety.

It's really sad what happened to them since they are very generous to the forum through their campaigns here. I just hope that they recover lost funds from hackers since chain analysis is good now for tracking scam tokens.
Oops, that was a spelling mistake, I wanted to write not but it was written as now, maybe Grammarly mistakenly autocorrected it. Well, I also knew that they are now new as during their review, I got to know a lot about them. And yes that's so unfortunate that they faced this hack and lost also now they will be criticized too. But what can be done now,


Title: Re: Mixin Network hacked - $200 Million lost
Post by: bitmover on September 25, 2023, 05:40:26 PM
Today's breaking news - that Mixin Network's cloud database has been attacked resulting in the loss of several mainnet assets and that's what the official statement on Twitter says.
[1] https://twitter.com/MixinKernel/status/1706139175018529139

It is said that the incident occurred on September 23, 2023 and only today the founder of Mixin Network held a press conference at the media in Hong Kong time to reveal this problem occurred.

SlowMist as the blockchain security advisor will continue to own this case and they will provide updates.
[2] https://twitter.com/SlowMist_Team/status/1706133260869468503

Quote
Deposit and withdrawal services on Mixin Network have been temporarily suspended.

It is very sad to see something like this happen, especially when their service was so active here in the bitcointalk community.

On the other hand, we can see how custodial services are risky for both parts. The administration of Mixin is now responsible for third party funds that were lost, and the users who trusted them now lost their money.

I always say: keep your bitcoin in a hardware wallet. This is by far the most tested and the safest option


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Synchronice on September 26, 2023, 07:35:52 AM
Their service is not easy to use, it's pretty hard and complicated for an average user and I really wonder, how was this project so popular? According to their website, more than $1B total value is secured and if we believe that, then roughly 1/5 of funds have been stolen.
By the way, even if funds are found, I don't think anyone will continue to use this service, because the platform that has been promoting how secure it is gets hacked easily; that means they are everything other than secure.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: KingsDen on September 26, 2023, 12:06:37 PM
https://www.talkimg.com/images/2023/09/25/PAHv5.jpeg

Today's breaking news - that Mixin Network's cloud database has been attacked resulting in the loss of several mainnet assets and that's what the official statement on Twitter says.
[1] https://twitter.com/MixinKernel/status/1706139175018529139


This is just an irony of action. If I were to predict that any platform would be hacked at any moment, I would never include Mixin. Mixin came to the forum with the promise of securing our bitcoin and possibly making it hereditary. They also said that their system does not store people's private keys; rather, they hold one of the keys, the customer holds one, while the network friends hold one, and in order to authorize a transaction, at least two of the three key holders will have to approve. This means that for there to be a successful hack, the hackers got access to the Mixin database and also the customers' database, which is bad.

I know mixin has been in existence for so many years, but they recently found their way to the crypto industry and are willing to dominate. But this hack will be a major set back to their reputation while many will lose confidence even after being refunded. I wish this never happened to them.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 26, 2023, 02:46:28 PM
Based on my experience (reviewed Mixin safe few months ago), it's supposed to be custom multi-signature address with custom spend condition (2-of-3 by default and your own key after some time).
I know that to spend on mixin safe you need to 'sign' the transaction from your owner's wallet and member's wallet, but it is surely not the typical self custodial multisig wallet that you'll create in a wallet like Electrum for example. A safe in mixin safe is custodial and you do not control the keys to your safe and the announcement after the hack shows they store these keys online, in the cloud, a single point of failure and a very bad option to secure this amount of money.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: NeuroticFish on September 26, 2023, 03:02:02 PM
Based on my experience (reviewed Mixin safe few months ago), it's supposed to be custom multi-signature address with custom spend condition (2-of-3 by default and your own key after some time).
I know that to spend on mixin safe you need to 'sign' the transaction from your owner's wallet and member's wallet, but it is surely not the typical self custodial multisig wallet that you'll create in a wallet like Electrum for example. A safe in mixin safe is custodial and you do not control the keys to your safe and the announcement after the hack shows they store these keys online, in the cloud, a single point of failure and a very bad option to secure this amount of money.

I was also expecting it to be proper multisig, and the system would keep one key of many, and the system would only help with interfacing the actual/real multisig operations with the messages/confirmations from the parties.
From the way the service was presented/packaged, it should not have had a single point of failure, unless they've either made a mistake or done something fishy under the hood.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Stedsm on September 26, 2023, 08:36:53 PM
So a decentralised network got attacked because it was working on a centralised server if I'm not wrong?
Is there a possibility for the hackers to be traced and these $200 million be retrieved by them? Or is it a gone case completely?
I believe that some internal person is definitely involved in this, else how would the hackers be able to know about the wallets and how can they attack directly? Will keep a close watch to know what happens next here.
It's like saving your private keys on telegram that works through your phone number, some day your number gets discontinued due to not having enough recharge done by you and it goes to some other person and he/she just logs into your telegram (unknowingly) and sees what in the saved messages? Your private keys. Think.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 26, 2023, 10:41:59 PM
So a decentralised network got attacked because it was working on a centralised server if I'm not wrong?
I would not call Mixin a decentralized network, they are centralized and do have a single point of failure, which is that they store the keys to their customers' funds online, in the cloud.

There's been an update on this issue: The Mixin network's founder Feng Xiaodong has announced via a livestream that every customer who had funds on their network has surely lost 50% of it[1], according to him they are trying to recover the stolen funds, but it is very difficult at the moment. He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future. From this news i think we can say users of mixin safe have probably lost 100% of the funds they had in the platform, and i know it sounds cliché, but not your keys, not your coins has to be repeated again and surely not for the last time.

[1] https://www.cryptotimes.io/mixin-network-founder-admits-50-assets-are-safe/


Title: Re: Mixin Network hacked - $200 Million lost
Post by: joniboini on September 27, 2023, 12:57:06 AM
He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future.
I wonder how long the platform will stay afloat until every token is purchased back. How would they ensure that nobody is abusing it by buying them cheaply from the P2P market or just hacking the smart contract? Seeing how they lost their money it doesn't give any confidence at all. It is really surprising how a platform that holds a hundred million dollars of money doesn't have a good security mechanism to protect its funds.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: sunsilk on September 27, 2023, 01:19:37 AM
He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future.
Why it feels like I have some odd feeling on this one. Yeah, it's a temporary solution that they can provide to gain back the customers confidence about this incident. Not a hater or what not but isn't that we've seen something like this when the fiascos of Do Kwon has happened.

Well, the difference is that they're new tokens and not bond tokens or there's not that much difference at all with it.

But anyway, I guess with all of these platforms and networks that have been hacked with a lot of money. I guess that they all invested in security but the reality is that, no matter how strong the network and its security protocols are, all of them are prone to attacks and success rates of it are increasing.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Darker45 on September 27, 2023, 01:57:08 AM
He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future.
Why it feels like I have some odd feeling on this one. Yeah, it's a temporary solution that they can provide to gain back the customers confidence about this incident. Not a hater or what not but isn't that we've seen something like this when the fiascos of Do Kwon has happened.

Well, the difference is that they're new tokens and not bond tokens or there's not that much difference at all with it.

But anyway, I guess with all of these platforms and networks that have been hacked with a lot of money. I guess that they all invested in security but the reality is that, no matter how strong the network and its security protocols are, all of them are prone to attacks and success rates of it are increasing.

You have some odd feeling because something is terribly odd. Feng Xiaodong not only sounds substandard, he's also funny ensuring that 50% of the users' funds are safe but it's going to be in the form of "bond tokens" which they will create out of thin air and will buy back in an undetermined time in the indefinite future. LOL! He at least knows how to crack a good joke.

I don't know how secure the network really is, but it doesn't matter. All it takes is one foolish move and all security is pointless, something like your funds are in a cold storage and you kept the seed phrase in your Gmail drafts. LOL! They claim to be a "decentralized multisig" solution and they have a cloud service provider whose database stored the keys.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: NotATether on September 27, 2023, 09:13:38 AM
They have a running campaign and conducted one of the highest review campaigns in the forum. The Mixin review employed 100 members and paid the highest amount and members were even paid upfront. They have suspended both deposits and withdrawals which means customers will wait to get more information from the management.

That was for Mixin Safe not Mixin Network, Mixin Network is the entire company owning all this stuff but the Safe vault was using time-locked multisig they cannot breach, it does not need a cloud database or any of that stuff.

I would not call Mixin a decentralized network, they are centralized and do have a single point of failure, which is that they store the keys to their customers' funds online, in the cloud.

That is correct.

Quote
There's been an update on this issue: The Mixin network's founder Feng Xiaodong has announced via a livestream that every customer who had funds on their network has surely lost 50% of it[1], according to him they are trying to recover the stolen funds, but it is very difficult at the moment. He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future. From this news i think we can say users of mixin safe have probably lost 100% of the funds they had in the platform, and i know it sounds cliché, but not your keys, not your coins has to be repeated again and surely not for the last time.

50% is a large amount for a platform to lose at once. I am not quite sure if this will work though, but he looks to have a plan at least. (Not like SBF who just wrote
WHAT
H
A
P
P
E
N
E
D
after he lost everyone's money).


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Z-tight on September 27, 2023, 09:31:15 AM
That was for Mixin Safe not Mixin Network, Mixin Network is the entire company owning all this stuff but the Safe vault was using time-locked multisig they cannot breach, it does not need a cloud database or any of that stuff.
Take note that 'multisig' on Mixin safe is not the typical multisig wallet you create on a wallet like Electrum, to sign a tx in Mixin safe you need the 'approval' of both owner's and member's wallet, but any safe in Mixin safe is centralized and you don't control the keys to the funds, the platform does, and they stored it online, in the cloud. From Feng Xiaodong's livestream, this hack affected every user who has funds in their platform, even in the vault they said was safe.
50% is a large amount for a platform to lose at once. I am not quite sure if this will work though,
Surely this will not work, and I believe all users in the platform can consider 100% of their funds lost. If Mixin network didn't lose all of it they will just refund the 50% of the assets they claim to have secured in the crypto that the customer had initially deposited or any other payment option that has value, but they want to issue bond tokens out of thin air, to later repurchase it, what if the platform bites the dust soon or before they can make that repurchase, what if they totally lose customer trust and can no longer make any profit. They have only said this as PR, to calm customers down for now.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: ajiz138 on September 27, 2023, 09:38:34 AM
There's been an update on this issue: The Mixin network's founder Feng Xiaodong has announced via a livestream that every customer who had funds on their network has surely lost 50% of it[1], according to him they are trying to recover the stolen funds, but it is very difficult at the moment. He went on to say that as for the other 50% of their funds, mixin network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future. From this news i think we can say users of mixin safe have probably lost 100% of the funds they had in the platform, and i know it sounds cliché, but not your keys, not your coins has to be repeated again and surely not for the last time.
[1] https://www.cryptotimes.io/mixin-network-founder-admits-50-assets-are-safe/
I haven't seen any official statement except on Twitter recently there was a tweet about the problem, Mixin team said 'the loss is not as big as expected' Meaning there is still a chance for customer funds to be returned? I guess it's hard...
The link about the statement of Mixin founder - Feng Xiaodong leads to Twitch without any video.
While on Twitter Mixin will take responsibility for this loss with action but still don't understand if this is 50% of customer funds will be returned or full.

Quote
Regarding the asset losses, we can only take responsibility through action besides apologizing. At the same time, being responsible has always been Mixin's attitude. Specific reimbursement rules still need some time.
[1] https://twitter.com/MixinKernel/status/1706948541850235274


Title: Re: Mixin Network hacked - $200 Million lost
Post by: bitmover on September 27, 2023, 10:09:22 AM
There's an option to use a non-custodial wallet (such as Bitcoin Core). Although some time after I was done writing my review, I got the impression we only have direct access to one of the keys. The two other keys seem to be managed by Mixin Safe and Mixin Messenger.

I was taking a look at how their system works, because they are not as "decentralized" as they said. Their whole system is so complicated.

But they said they own a recovery key, the last key, which should have a time lock.

Was this used in the hack?

https://safe.mixin.zone/how-it-secures

Quote
Recovery Key
Mixin Safe team controls the last key named recovery key. This key is very special, because it's timelocked by Bitcoin script. That means the recovery key can only be used after your safe address is inactive for at least 1 year.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: ABCbits on September 27, 2023, 11:34:57 AM
There's an option to use a non-custodial wallet (such as Bitcoin Core). Although some time after I was done writing my review, I got the impression we only have direct access to one of the keys. The two other keys seem to be managed by Mixin Safe and Mixin Messenger.

I was taking a look at how their system works, because they are not as "decentralized" as they said. Their whole system is so complicated.

But they said they own a recovery key, the last key, which should have a time lock.

Was this used in the hack?

https://safe.mixin.zone/how-it-secures

Quote
Recovery Key
Mixin Safe team controls the last key named recovery key. This key is very special, because it's timelocked by Bitcoin script. That means the recovery key can only be used after your safe address is inactive for at least 1 year.

The news doesn't mention that Mixin Safe got hacked. But if Mixin Safe was also hacked, only addresses which received deposits more than 1 year ago should be hacked. Although at the time when Mixin ran the review campaign, the timelock duration was shortened to a few days, where I moved my coin through that recovery key.
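
The exposure argument in the post above (a leaked recovery key can only move deposits older than the timelock, and a shorter timelock widens that set), as an added example that is not part of any post or of Mixin's code. It assumes the lock is a BIP68 block-based relative timelock, which the thread does not state; the heights, amounts and the 3-day figure are constructed.

```python
# Added example. Assumption: the recovery path is guarded by a BIP68/BIP112
# relative timelock counted in blocks (the thread only says "timelocked by
# Bitcoin script"). All sample data below is constructed.
SEQUENCE_DISABLE_FLAG = 1 << 31   # BIP68: bit 31 set => no relative lock
SEQUENCE_TYPE_FLAG = 1 << 22      # BIP68: bit 22 set => 512-second units
SEQUENCE_MASK = 0xFFFF            # BIP68: low 16 bits carry the value
BLOCKS_PER_DAY = 144              # nominal 10-minute blocks


def encode_block_lock(blocks):
    """nSequence value for a block-based relative lock."""
    if not 0 < blocks <= SEQUENCE_MASK:
        raise ValueError("BIP68 block locks must fit in 16 bits (max 65535)")
    return blocks


def decode_lock(sequence):
    """Return (unit, value), or None when the relative lock is disabled."""
    if sequence & SEQUENCE_DISABLE_FLAG:
        return None
    value = sequence & SEQUENCE_MASK
    if sequence & SEQUENCE_TYPE_FLAG:
        return ("seconds", value * 512)
    return ("blocks", value)


def recovery_spendable(utxo_height, next_block_height, sequence):
    """True if a recovery-key spend could be mined in next_block_height."""
    lock = decode_lock(sequence)
    if lock is None:
        return True
    unit, value = lock
    if unit != "blocks":
        raise ValueError("this sketch only evaluates block-based locks")
    return next_block_height >= utxo_height + value


def exposed_value(utxos, next_block_height, lock_days):
    """Sum of deposits whose recovery path is already open."""
    seq = encode_block_lock(lock_days * BLOCKS_PER_DAY)
    return sum(amount for height, amount in utxos
               if recovery_spendable(height, next_block_height, seq))


# Constructed sample: (confirmation height, amount in satoshis)
SAMPLE_UTXOS = [(750_000, 5_000_000), (800_000, 2_000_000), (809_500, 1_000_000)]
NEXT_BLOCK = 810_000
```

With the constructed data, a 365-day lock leaves only the oldest deposit reachable through the recovery key, while a 3-day lock leaves all three reachable.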


Title: Re: Mixin Network hacked - $200 Million lost
Post by: sunsilk on September 28, 2023, 01:35:20 PM
He went on to say that as for the other 50% of their funds, Mixin Network is going to issue "bonds tokens" for the customers to claim, and the platform would repurchase it from them in the future.
Why does it feel like I have some odd feeling on this one? Yeah, it's a temporary solution that they can provide to gain back the customers' confidence after this incident. Not a hater or whatnot, but haven't we seen something like this when the fiasco of Do Kwon happened?

Well, the difference is that they're new tokens and not bond tokens or there's not that much difference at all with it.

But anyway, I guess with all of these platforms and networks that have been hacked with a lot of money. I guess that they all invested in security but the reality is that, no matter how strong the network and its security protocols are, all of them are prone to attacks and success rates of it are increasing.

You have some odd feeling because something is terribly odd. Feng Xiaodong not only sounds substandard, he's also funny ensuring that 50% of the users' funds are safe but it's going to be in the form of "bond tokens" which they will create out of thin air and will buy back in an undetermined time in the indefinite future. LOL! He at least knows how to crack a good joke.
Yeah, that seems to be the reason because we've seen this being done by some con before and as much as I don't want to think negatively about the people involved proposing this. However, it just really sounds off beat.

I don't know how secure the network really is, but it doesn't matter. All it takes is one foolish move and all security is pointless, something like your funds are in a cold storage and you kept the seed phrase in your Gmail drafts. LOL! They claim to be a "decentralized multisig" solution and they have a cloud service provider whose database stored the keys.
True.

One employee or one of the co-founders does something wrong and, true, with that one mistake, even the tiniest he can make, they're all going to fall down. It seems that there's an interesting development on this one, on how they've screwed up.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Pmalek on September 28, 2023, 06:16:37 PM
Who knows, maybe the hacker or hacking group decides to return the stolen coins minus a $20 million reward as a bug bounty. I read some news yesterday that the Mixin team promised the hackers $20 million as a bug bounty if they returned the rest and explained how they attacked the network. Stranger things have happened. $20 million is still a lot of money + you avoid persecution and having to think if someone might be on your trail.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: joniboini on September 29, 2023, 12:42:18 AM
I read some news yesterday that the Mixin team promised the hackers $20 million as a bug bounty if they returned the rest and explained how they attacked the network. Stranger things have happened. $20 million is still a lot of money + you avoid persecution and having to think if someone might be on your trail.
Damn, not sure if this is a common occurrence, but it does sound like they don't even know what part of their service has the worst security. It is definitely a tempting offer, but who knows what plan they have in the background. Maybe they did this just to catch them later on. Not the first time a company said A and did B.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Pmalek on September 29, 2023, 06:43:42 PM
It is definitely a tempting offer, but who knows what plan they have in the background. Maybe they did this just to catch them later on. Not the first time a company said A and did B.
It's certainly a double-edged sword. Maybe they want the hacker(s) to start communicating with them in the hope of aiding government agencies to track the individuals and restore the full $200 million. No one would be crazy enough to accept going through identity verification before receiving the $20 million bug reward lol. Maybe they think they will discover more through the communication channel.


Title: Re: Mixin Network hacked - $200 Million lost
Post by: BitcoinsGreat on October 01, 2023, 08:27:57 AM
It is definitely a tempting offer, but who knows what plan they have in the background. Maybe they did this just to catch them later on. Not the first time a company said A and did B.
It's certainly a double-edged sword. Maybe they want the hacker(s) to start communicating with them in the hope of aiding government agencies to track the individuals and restore the full $200 million. No one would be crazy enough to accept going through identity verification before receiving the $20 million bug reward lol. Maybe they think they will discover more through the communication channel.

I think this Mixin hack was an insider job, though we have no evidence for this. The real hackers will usually not settle for only 10% of the award money, and also when everyone knows the person, then it will be even more difficult for the hacker to survive (if the intention for the company is to identify and take action against him).


Title: Re: Mixin Network hacked - $200 Million lost
Post by: Pmalek on October 01, 2023, 11:58:54 AM
The real hackers will usually not settle for only 10% of the award money and also when everyone knows the person, then it will be even more difficult for the hacker to survive (if the intention for the company is to identify and take action against him).
Look at it this way. It's better to have $20 million and live as a free man thinking how to spend the money for the rest of your life than perhaps get arrested, have the coins confiscated and returned to the legitimate owners, and spend 20 years in prison. It all depends who the hackers are and if they have significant backing and state protection.