Cyber Incident Victim: Mixin
Date: Sep 2023
Location: Hong Kong
Summary
A Hong Kong-based cryptocurrency firm suffered a $200 million breach when attackers compromised its cloud service provider's database, prompting the suspension of deposit and withdrawal services. The company engaged Google's Mandiant and cybersecurity firm SlowMist for investigation support, pledging to restore services after addressing vulnerabilities and later announcing a solution for the stolen assets. This incident represents the largest crypto theft of the year, exceeding a $197 million exploit against a lending platform earlier in the year.
Description
On September 23, 2023, Hong Kong-based cryptocurrency platform Mixin Network disclosed a significant security breach involving its cloud service provider’s database, resulting in the theft of approximately $200 million in digital assets. The company announced the incident via social media platform X (formerly Twitter), stating the attack occurred in the early morning hours Hong Kong time. Mixin immediately suspended all deposit and withdrawal services following the breach, indicating these functions would remain disabled until vulnerabilities were identified and remediated. The organization engaged Google’s Mandiant incident response team and blockchain security firm SlowMist to assist with forensic analysis, though technical specifics regarding the attack vector or cloud provider were not disclosed. Mixin described its network as a decentralized exchange and cross-chain asset transfer system maintained by 35 mainnet nodes, positioning the incident as a cloud infrastructure compromise rather than a direct blockchain exploit. The company pledged to announce a future “solution” addressing the stolen assets but provided no details regarding reimbursement plans or breach origins.

The theft represents the largest cryptocurrency hack of 2023 according to Rekt’s industry incident tracker, surpassing March’s $197 million Euler Finance exploit. Mixin’s operational claims of decentralization contrasted with its reliance on a centralized cloud database, creating ambiguity about how the breach enabled asset theft from a purportedly node-governed network. As of the article’s September 25 update, Mixin had not clarified this discrepancy or responded to additional inquiries. Service suspensions impacted Mixin’s claimed one million users, though the duration of disruption remained undefined. The incident highlighted ongoing security challenges in cryptocurrency platforms despite decentralized architectural frameworks, with Mixin joining a growing list of high-value targets including Euler, Ronin Network, and Poly Network. No attribution to threat actors or recovery timelines was provided in available disclosures.
