This article is more than six months old

Questions swirl around $200m hack as Mixin pledges to pay users half their lost funds

Questions swirl around $200m hack as Mixin pledges to pay users half their lost funds
DeFi
Mixin CEO Feng Xiaodong has pledged to help customers recoup some of their lost funds. Credit: Rita Fortunato/DL News
  • Hong Kong network's CEO promises to recompense ripped-off investors.
  • Mixin says hackers penetrated its database hosted by cloud service provider.
  • CZ and others cast doubt on claims of Mixin.

Hong Kong-based crypto network Mixin said Monday it will compensate users half of their lost funds following a $200 million hack.

Speaking on a livestream, Mixin CEO Feng Xiaodong said attempts to recover the funds were ongoing. The remaining 50% of users’ money will be paid out in bond tokens that Mixin would later repurchase using “future profits.”

Raid on cloud

“No matter what your assets are — whether it’s Bitcoin or Ethereum — we will ensure that half of it is unaffected,” Feng said. “We’re trying to find a way to recover the compromised money, but that is very difficult.”

Mixin claims hackers stole $200 million worth of Bitcoin, Ether and stablecoins from users’ wallets on September 23. The project did not disclose how the hack occurred, but it said its database, stored on a cloud service provider, was attacked by hackers, resulting in the loss of assets.

At $200 million lost, the hack may be the largest so far this year. According to DefiLlama data, the top hack is the $197 million attack on Euler Finance in March.

‘Not everything that claims to be decentralised is.’

—  Changpeng Zhao

Cybercriminals have hit crypto companies and DeFi protocols for more than $735 million in 2023, DefiLlama data shows.

As of July, Mixin had 1 million users. Just before the hack, Mixin’s total value locked — a measure of user deposits into DeFi protocols on the network — sat at around $386 million.

Mixin total value locked

Nobody has yet claimed responsibility for the hack.

Join the community to get our latest stories and updates

Following the hack, Binance founder Changpeng “CZ” Zhao expressed his scepticism at how a decentralised peer-to-peer network had a database which, when hacked, could lose half of the users’ assets.

“Not everything that claims to be decentralised is,” he said in a post on X.

Jiang Zhuoer, the CEO of Bitcoin mining pool BTC.TOP, described the incident as “quite strange” in a Weibo post.

He questioned why funds were not kept in a cold wallet — a type of cryptocurrency wallet that stores the password-like private keys which grant access to the wallet offline, usually on a physical device.

50% compensation plan

Jiang also previously criticised the project, pointing out that Mixin’s native tokens can only be traded for Bitcoin with Mixin itself.

“The protocol announced a 50% compensation plan without waiting for the results of the investigation. Where did the compensation come from? How could such an amount come from a fixed investment project?” he said.

Deposit and withdrawal services on Mixin have been suspended. In a statement Mixin said “these services will be reopened once the vulnerabilities are confirmed and fixed”.

Launched in 2017, Mixin counts “China’s richest bitcoin billionaire”, Li Xiaolai among its early investors. That’s despite Li very publicly announcing he planned to quit crypto several years ago.

Got a tip about crypto in Hong Kong? Message the author at callan@dlnews.com