On September 23, Mixin Network, a decentralized peer-to-peer platform, reported a significant loss of about $200 million in cryptocurrency assets. The breach is believed to have occurred due to a vulnerability in a third-party cloud service provider's database. Following the alarming revelation, Mixin Network promptly halted all deposit and withdrawal operations.
To dive deep into the matter, Mixin Network collaborated with blockchain expert SlowMist and tech industry leader Google. Their main goal is to decipher the breach's nature and work towards the recovery of lost assets. During the incident, Mixin's assets included Ether (ETH) valued at $94.48 million, Dai (DAI) worth $23.55 million, and Bitcoin (BTC) approximated at $23.3 million. Summing up, their portfolio was evaluated at $141.32 million.
Further insights into the hack were provided by an examination carried out by PeckShield, indicating the different types of cryptocurrencies and their values at the time of the breach. On another front, the analytics platform, Web3 SaaS 0xScope, disclosed that the hacker had prior interactions with Mixin Network. Notably, in 2022, the cryptocurrency address 0x1795, linked with the hacker, received 5 ETH from Mixin. This amount was subsequently transferred to the Binance platform.
Addressing the security flaw is the network's primary concern, and Mixin Network has assured that transactional services will only resume after ensuring complete security. However, the exact strategies for compensating the affected users remain undisclosed.
Moreover, there were expectations for Mixin founder, Feng Xiaodong, to shed light on the event through a Mandarin livestream on September 25. Yet, no direct links to the broadcast were made available on X (previously known as Twitter) or on their primary site, mixin.network.
Additionally, a notable figure in the crypto world, Buterin, shared his experience of a SIM swap attack. He mentioned that an individual tricked T-mobile into commandeering his mobile number. These SIM swap assaults target mobile numbers to bypass two-factor authentication, gaining unauthorized access to various personal accounts.