Cross-chain service Mixin Network has offered the hacker who reportedly stole $200 million from the platform a $20 million “bug bounty reward” if he returns the stolen funds.
Mixin sent the message to the hacker in an on-chain message flagged by blockchain security firm PeckShield.
“Most of our platform assets were users’, and we hope you can refund them. You can keep $20 million of the assets as a BUG Bounty Reward for the BUG. Contact us via firstname.lastname@example.org for the reward details,” the message stated.
Mixin Network announced late Sunday that it had come under attack on 23 September, according to an announcement it made on Twitter on Sunday.
“In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets,” the company wrote on X, formerly Twitter. “Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed.”
Mixin’s attack which supposedly led to the theft of $200 million is so far the biggest crypto attack in 2023. The company at the time said it would come up with a plan to recover the funds, which could be the bug bounty it is now offering.
Following the attack, Mixin said it immediately contacted Google and SlowMist, a crypto security firm to help with the investigation. SlowMist said on Saturday that the hacker exploited a vulnerability in the company’s third-party cloud service provider database.
The initial estimate of stolen funds stood at $200 million. However, Mixin in an update on Twitter today stated that the losses were not as much as previously thought.
“We have completed most of the asset tally work, and the situation is much more optimistic than expected. The losses are not as significant as estimated. Again, we remind everyone to avoid making transactions, market making, etc., on Mixin Network, for now, to prevent unnecessary losses,” the company wrote, further stating that “Specific reimbursement rules still need some time.”
Meanwhile, Mixin founder Feng Xiaodong had in a livestream said the company can ensure at least half of every user’s assets are secure while looking for ways to recover the stolen assets.
Many Exploits in One Week
The attack on Mixin was the latest crypto attack exploiting third-party providers in just one week. Leading non-fungible token marketplace OpenSea faced another attack which targeted API users.
Even earlier, crypto analytics platform Nansen announced that one of its third-party vendors was attacked, leading to the loss of emails, password hashes and some blockchain addresses.