Skip to main content
Sign in

Mixin Network

avoid.net/mixin28/100·100% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:etherscan][src:blockchain-forensics][src:hack][src:zachxbt][src:elliptic]
anchored·HPUG5L…Gtap

Summary

Mixin Network is a Hong Kong-based cross-chain Layer 2 protocol that suffered one of the largest cryptocurrency hacks of 2023, losing approximately $200 million when its cloud service provider's database was compromised on September 23, 2023. The hack exposed a fundamental contradiction in Mixin's self-described decentralized architecture: the majority of user funds were held in hot wallets backed by a centralized cloud database. As of early 2026, the majority of stolen assets remain unrecovered, with the attacker beginning to launder funds through Tornado Cash.

Connected Entities

1 entities · 1 linked investigation
Organizations
Mixin Network
Relationships
    Also appears in
    Mixin Network·10

    Connected Through

    1 shared actor · 1 investigation

    Distinct actors this investigation shares with others — holders, traders, and named parties. Shared infrastructure (exchanges, pools) is excluded.

    Have evidence about Mixin Network?

    Timeline(7 events)

    2023-09-23

    Mixin Network's cloud service provider database is compromised, allowing attackers to drain approximately $200 million across multiple chains including ETH, BTC, and USDT.

    Elliptic / TechCrunch

    2023-09-25

    Mixin Network publicly discloses the breach. Deposit and withdrawal services are suspended. Founder Feng Xiaodong holds a livestream announcing a 50% cash / 50% bond token compensation plan.

    CoinDesk / DeFi Planet

    2023-09-25

    Mixin Network sends an on-chain message to the alleged attacker, offering them $20 million as a bug bounty in exchange for returning the remaining stolen funds. The offer is not accepted.

    Benzinga

    2023-09-25

    Elliptic publishes on-chain forensics analysis, identifies stolen asset breakdown ($95.3M ETH, $23.7M BTC, $23.6M USDT) and labels attacker wallets in its screening tools. Hackers convert stolen USDT to DAI via Uniswap to avoid asset freezes.

    Elliptic

    2023-09-25

    Merkle Science publishes flow-of-funds analysis identifying 11,400+ ETH wallets controlled by Exploiter 1, 127 BTC wallets, and tags laundering methods including DEX swaps and cross-chain bridges.

    Merkle Science

    2026-02-12

    After approximately two years of dormancy, the primary attacker wallet (tagged 'Mixin Hacker' by Arkham Intelligence) begins moving funds, transferring 2,005 ETH (~$3.85M) to Tornado Cash via 20 separate transactions through intermediate address 0x9cba859288Fa0b4eC43EBB90Bb64a9DbBDDc787f.

    Decrypt / The Block

    2026-02-13

    Three newly created wallets receive a combined 2,087 ETH from Tornado Cash and sell the tokens at approximately $1,933 per ETH. Attacker wallet still holds approximately 57,849 ETH and 891 BTC, representing the large majority of originally stolen assets.

    Decrypt / FinanceFeeds
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:etherscansrc:blockchain-forensicssrc:hacksrc:zachxbtsrc:elliptic

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet

    generated: 5/4/2026, 4:05:02 PM

    last updated: 5/26/2026, 4:11:15 AM

    avoid.net — verified advice for a post-truth world