Mixin Network suspends deposits and withdrawals.
Sep 25, 2023

No deposits or withdrawals until things are sorted out, but transfers remain possible.

BleepingComputer reports that Mixin Network, which describes itself as “a free and lightning fast peer-to-peer transactional network for digital assets…with more than $1B total value secured,” announced Monday that it had suspended deposits and withdrawals after it was attacked Saturday.

Mixin’s account of the incident.

The attack is said to have cost Mixin’s users some $200 million. Mixin posted on its X account:

“In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network's cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team to assist with the investigation. After initial verification, the funds involved are approximately US$200 million. Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected.”

CoinTelegraph reported Monday that Mixin founder Xiaodong Feng said that the “core asset” stolen was Bitcoin. Developers would compensate users “up to a maximum of 50%” for the theft, with the remainder distributed to the victims as “tokenized liability claims” Mixin would in time repurchase “with its future profits.”

Decrypt points out an issue a number of blockchain mavens have complained about: from its description of the incident, it might appear that Mixin was less decentralized than it may have represented itself as being.

Speculation about responsibility focuses on North Korea.

Who was responsible for the theft remains unknown, but most speculation points to North Korea. People are simply betting on form: Pyongyang’s cyber operators have long been engaged in large-scale theft, especially theft of alt-coin. 

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, explained why the usual suspects in this case are from the DPRK. “Even though no one has any proof, the sophistication and amount of the attack is strongly pointing to the North Koreans, who steal more cryptocurrencies than anyone,” he wrote. “This attack is a huge example of how you could have your environment completely secure, but a hack at an upstream or downstream dependency could still lead to you being hacked. All critical infrastructures need to do detailed analysis, reviews, and audits of any upstream or downstream neighbor that could significantly impact operations.”

With great convenience comes great responsibility.

Grimes’s colleague at KnowBe4, Security Analyst James McQuiggan, sees the incident as a special case of the vulnerability of open-source code.

“We recognize that open-source software enables flexibility,” he wrote. “However, its inherent vulnerabilities can allow criminals to exploit systems undetected. This breach clarifies that even with the most robust defenses, threats continuously evolve. This incident identifies the delicate perception of trust, reputation, and user confidence that supports the modern digital banking ecosystem.”

And there’s also the usual Willie-Suttonesque attractiveness of open-source banking. McQuiggan added, "With open-source banking, cybercriminals will always go after the money, whether a crypto or natural currency. When a breach occurs, the effects can run deep. Not only do they face immediate financial repercussions, but the damage focuses on the erosion of trust, which can take years to rebuild."

"For CISOs and cybersecurity professionals, this breach reiterates the pressing need for continuous security evaluation, threat intelligence, and fostering a culture of security awareness throughout the organization. In an age where brand reputation can be damaged overnight, a proactive and layered approach to cybersecurity is not just a best practice; it's an imperative," he wrote. "Organizations must continually assess, review, and improve their incident handling of the various attack scenarios to be effectively prepared for cyber attacks and breaches."