Mixin Proposes $20 Million Bug Bounty to Hacker

Introduction
Mixin Network, a cross-chain project that recently reported an exploit threatening losses of up to $200 million, has sent an on-chain message to the attacker, proposing a $20 million bug bounty if they return the stolen funds.

Key Points
- On-Chain Message to Attacker: Mixin Network has sent a message on-chain to the hacker, expressing hope that they will return the stolen funds, most of which belong to users. The message includes an offer to allow the hacker to keep $20 million as a bug bounty reward for identifying the vulnerability.
From @MixinKernel to the Mixin Network Exploiter: "... You can keep $20M of the assets as a BUG Bounty Reward for the BUG..." https://t.co/Zb9H43uYXA
— PeckShield Inc. (@peckshield) September 27, 2023
- Message Details: The message states: "Most of the assets are user assets. We hope you can return them. You can keep $20 million of the assets as a bug bounty. Please contact us at bug@mixin.one for further details."
- Update from Mixin: In an update on September 27, Mixin Network clarified that the actual losses are not as severe as initially estimated. They stated, "We have completed the asset tally, and the situation is much more optimistic than expected. The losses are not as significant as initially estimated. We remind everyone to avoid transactions, market making, etc., on Mixin Network to prevent unnecessary losses."
[Update]
The first time the incident occurred, we contacted Google (Mandiant) and blockchain security company @SlowMist_Team to assist with the investigation.
After several days, we have completed most of the asset tally work, and the situation is much more optimistic than… https://t.co/ySOHCkGK7t
— Mixin Kernel (@MixinKernel) September 27, 2023

Background
- Initial Incident Report: Mixin Network reported a significant exploit resulting in the theft of up to $200 million. Feng Xiaodong, the founder of Mixin, confirmed during an AMA session on September 25 that the loss amounted to at least half of the users' assets.
- Proposed Solutions: Feng Xiaodong mentioned that the team is considering issuing "bond tokens" to affected users, which they plan to buy back. This approach is akin to using the project's funds to compensate users.
- Comparison to Other Major Attacks: Despite the reduced loss estimate, the Mixin exploit remains one of the largest attacks of 2023, alongside incidents involving Euler ($197 million), Multichain ($128 million), and Atomic Wallet ($100 million).

Token Impact
- Price Drop: Mixin's XIN token has fallen 33% over the past seven days due to the attack.

Figure: Price movement of Mixin's XIN token over the past 7 days. Source: CoinMarketCap (September 27, 2023).