Audit log

Every state-changing event for Mixin Network: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-19 15:51:43Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,800,082

   sig

   HPUG5Lxk5YdX…Dd57Gtapcopyexplorer ↗

   hash

   87RLpgkLtjoi…4oEjXFhxcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (16499 B) ▸

   {"actor":"system:backfill","investigation_id":"afb09b88-aacd-4cb8-b5fc-5938f35ceed3","kind":"publish","page_slug":"mixin","published_at":"2026-05-19T15:51:43.228Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Mixin Network","sections":[{"content":"Mixin Network is a cross-chain Layer 2 protocol designed to enable fast, zero-fee transfers across multiple blockchains, including Bitcoin, Ethereum, Monero, and over 41 other public chains. The network uses a Directed Acyclic Graph (DAG) architecture with a 'gossip protocol' to achieve sub-second transaction finality. Its native token, XIN, has a fixed supply of 1,000,000 units and is used to access services within the ecosystem. Mixin also operates Mixin Messenger, an end-to-end encrypted messaging application integrated with the protocol. The project is led by founder Feng Xiaodong, who previously worked as chief architect at BigONE and developed Vitamio, a widely used multimedia framework for Android and iOS. Mixin is incorporated through FeeXman (Hong Kong) Co., Ltd., and operates primarily out of Hong Kong.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":2,"name":"What is Mixin (XIN)? Multi-Layer Decentralized Network - CryptoPotato","type":"research","url":"https://cryptopotato.com/mixin-a-multi-layer-decentralized-network-that-offers-cross-chain-solutions-lightning-fast-transactions/"},{"credibility":2,"name":"Mixin Network Losses Nearly $200M in Hack - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2023/09/25/mixin-network-losses-nearly-200m-in-hack"}]},{"content":"On September 23, 2023, hackers compromised the database of Mixin Network's cloud service provider, gaining unauthorized access to the protocol's hot wallets across multiple chains. The breach resulted in the theft of approximately $200 million in digital assets, making it the largest cryptocurrency hack of 2023 at the time of occurrence. Mixin publicly disclosed the breach on September 25, 2023, two days after the incident. The attack vector involved penetration into Google Cloud Services infrastructure relied upon by Mixin for withdrawal processing, exploiting a software vulnerability to construct a large number of unauthorized withdrawal requests. According to on-chain forensics by Elliptic and Merkle Science, the stolen assets comprised approximately $95.3 million in Ether (ETH), $23.7 million in Bitcoin (BTC), and $23.6 million in Tether (USDT), with the remainder in other assets. Elliptic noted that relative to Mixin's July 2023 financial statement, the hack represented 9% of BTC holdings, 71% of ETH holdings, and 93% of USDT holdings. Mixin engaged Google's Mandiant forensics team and blockchain security firm SlowMist to assist with the investigation. The protocol suspended all deposit and withdrawal services immediately following the discovery.","heading":"September 2023 Cloud Database Breach — $200 Million Stolen","severity":"critical","sources":[{"credibility":2,"name":"Mixin Network hacked for $200 Million - Elliptic","type":"research","url":"https://www.elliptic.co/blog/mixin-network-hacked-for-200-million"},{"credibility":1,"name":"Hackers steal $200M from crypto company Mixin - TechCrunch","type":"news_article","url":"https://techcrunch.com/2023/09/25/hackers-steal-200-million-from-crypto-company-mixin/"},{"credibility":2,"name":"Hack Track: Mixin Flow of Funds Analysis - Merkle Science","type":"research","url":"https://www.merklescience.com/blog/hack-track-mixin-flow-of-funds-analysis"},{"credibility":2,"name":"$200 Million in Cryptocurrency Stolen in Mixin Network Hack - SecurityWeek","type":"news_article","url":"https://www.securityweek.com/200-million-in-cryptocurrency-stolen-in-mixin-network-hack/"},{"credibility":2,"name":"Hong Kong crypto business Mixin says hackers stole $200 million - The Record","type":"news_article","url":"https://therecord.media/mixin-cryptocurrency-business-hack-hong-kong"}]},{"content":"Forensic analysis by Elliptic and Merkle Science identified multiple exploiter addresses and traced the stolen asset movements. Merkle Science identified 'Exploiter 1' controlling approximately 59,807 ETH (roughly $94 million) spread across 11,400+ wallets, and 'Exploiter 2' holding approximately 23.57 million USDT. An additional 891 BTC (approximately $24.1 million) was distributed across 127 wallets. Shortly after the theft, the stolen USDT was converted to DAI stablecoin via the Uniswap decentralized exchange. Elliptic noted that this swap exploits a key property of DAI — unlike Tether (USDT), DAI cannot be frozen by its issuer — making it a common technique for hackers seeking to neutralize custodial counterparty risk on stolen stable assets. Elliptic labeled and made the exploiter wallets available through its screening tools to prevent inadvertent processing of stolen funds by exchanges and other on-chain services. One wallet involved in the attack was noted to have previously received 5 ETH from the Mixin Network itself. The intermediate laundering address 0x9cba859288Fa0b4eC43EBB90Bb64a9DbBDDc787f was identified by Arkham Intelligence as associated with the hack.","heading":"On-Chain Forensics and Asset Breakdown","severity":"critical","sources":[{"credibility":2,"name":"Mixin Network hacked for $200 Million - Elliptic","type":"on_chain","url":"https://www.elliptic.co/blog/mixin-network-hacked-for-200-million"},{"credibility":2,"name":"Hack Track: Mixin Flow of Funds Analysis - Merkle Science","type":"on_chain","url":"https://www.merklescience.com/blog/hack-track-mixin-flow-of-funds-analysis"},{"credibility":2,"name":"$3.85 Million in Ethereum From Mixin Network Hack Sent to Tornado Cash - Decrypt","type":"news_article","url":"https://decrypt.co/358032/3-million-ethereum-mixin-network-hack-tornado-cash"}]},{"content":"The September 2023 breach exposed a significant contradiction between Mixin Network's public positioning as a decentralized peer-to-peer network and its underlying infrastructure. Critics, including Binance founder Changpeng Zhao (CZ), noted that 'not everything that claims to be decentralised is.' Bitcoin mining pool CEO Jiang Zhuoer described it as 'quite strange' that user funds were not stored in cold wallets. The core security failure was the reliance on a single centralized cloud service provider's database as an access point to hot wallet infrastructure, creating a single point of failure. Prior to the breach, Mixin had approximately $386 million in total value locked; this dropped to approximately $350 million immediately following the hack. The exposure of this centralized database effectively gave the attacker access to multi-chain user assets despite Mixin's protocol design claims.","heading":"Centralization Risk and Architectural Contradiction","severity":"high","sources":[{"credibility":2,"name":"Questions swirl around $200m hack as Mixin pledges to pay users half their lost funds - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/questions-swirl-around-hack-at-hong-kong-network-mixin/"},{"credibility":2,"name":"Mixin Network discloses $200 million hack - Web3 Is Going Great","type":"news_article","url":"https://web3isgoinggreat.com/?id=mixin-network-hack"},{"credibility":3,"name":"Mixin Network: Layer-2 protocol with centralized database — Binance community post","type":"other","url":"https://www.binance.com/en/feed/post/1203243"}]},{"content":"Following the breach, Mixin Network sent an encrypted on-chain message to the alleged attacker offering to let them retain $20 million of the stolen funds as a 'bug bounty reward' in exchange for returning the remaining approximately $180 million. The message stated: 'Most of our platform assets were users, and we hope you can refund them. You can keep $20M of the assets as a BUG Bounty Reward for the BUG.' The offer was not accepted. Founder Feng Xiaodong announced via livestream on September 25, 2023 that affected users would be compensated for a maximum of 50% of their losses in cash. The remaining 50% would be issued as Mixin bond tokens, which the company pledged to repurchase using future profits. Mixin disclosed its annual profit at the time was approximately $10–20 million, raising questions about the timeline and feasibility of full repayment for a $200 million loss event. Critics questioned where the compensation capital would originate, given the scale of losses relative to the company's disclosed revenue.","heading":"Mixin's Response: $20M Bounty Offer and Compensation Plan","severity":"high","sources":[{"credibility":2,"name":"Here's What Mixin Network Offers Hacker For The Return Of Stolen Funds - Benzinga","type":"news_article","url":"https://www.benzinga.com/markets/cryptocurrency/23/09/34949660/heres-what-mixin-network-offers-hacker-for-the-return-of-stolen-funds"},{"credibility":2,"name":"50% of User Assets at Risk Following $200 Million Hack, Mixin Network Founder Reveals - DeFi Planet","type":"news_article","url":"https://defi-planet.com/2023/09/50-of-user-assets-at-risk-following-200-million-hack-mixin-network-founder-reveals/"},{"credibility":2,"name":"Questions swirl around $200m hack as Mixin pledges to pay users half their lost funds - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/questions-swirl-around-hack-at-hong-kong-network-mixin/"},{"credibility":2,"name":"Mixin Scrambles After $200M Hack, CEO Pitches Bond Tokens As Temporary Solution - Benzinga","type":"news_article","url":"https://www.benzinga.com/markets/cryptocurrency/23/09/34861342/mixin-scrambles-after-200m-hack-ceo-pitches-bond-tokens-as-temporary-solution"}]},{"content":"The primary attacker wallet remained largely dormant for approximately two years following the September 2023 hack. On February 12–13, 2026, the wallet — tagged as 'Mixin Hacker' by Arkham Intelligence — began moving funds, transferring 2,005 ETH (approximately $3.85 million at the time) to Tornado Cash via an intermediate address (0x9cba859288Fa0b4eC43EBB90Bb64a9DbBDDc787f). The ETH was split into 20 separate transactions over approximately 15 hours before entering Tornado Cash. Three newly created wallets subsequently received a combined 2,087 ETH from Tornado Cash, which was then sold at approximately $1,933 per ETH. As of early 2026, the attacker wallet reportedly still held approximately 57,849 ETH (valued at approximately $113 million) and 891 BTC (valued at approximately $59.7 million), indicating the vast majority of stolen funds remain in the attacker's control and have not been recovered.","heading":"Continued Laundering Activity — Tornado Cash (2026)","severity":"critical","sources":[{"credibility":2,"name":"$3.85 Million in Ethereum From Mixin Network Hack Sent to Tornado Cash - Decrypt","type":"on_chain","url":"https://decrypt.co/358032/3-million-ethereum-mixin-network-hack-tornado-cash"},{"credibility":2,"name":"Wallet tied to $200M Mixin Network hack moves ETH after over two years of dormancy - The Block","type":"news_article","url":"https://www.theblock.co/post/389869/wallet-tied-to-200m-mixin-network-hack-moves-eth-after-over-two-years-of-dormancy-onchain-data"},{"credibility":2,"name":"Mixin Network Hacker Moves 2,005 ETH to Tornado Cash After 2 Years of Silence - FinanceFeeds","type":"news_article","url":"https://financefeeds.com/mixin-network-hacker-moves-2005-eth-to-tornado-cash-after-2-years-of-silence/"},{"credibility":2,"name":"Dormant Mixin exploit wallet sends 2,005 ETH to Tornado Cash - GnCrypto News","type":"news_article","url":"https://www.gncrypto.news/news/mixin-hacker-moves-eth-after-two-years-routes-funds-through-tornado-cash/"}]},{"content":"The hack placed approximately $200 million in user assets at risk across Mixin Network's estimated one million user base. The compensation plan announced by Founder Feng Xiaodong — 50% cash, 50% bond tokens redeemable from future profits — has been criticized as inadequate given Mixin's disclosed annual profits of $10–20 million. This implies that full repayment of the bond component would require many years of profits allocated solely to hack recovery, assuming profitability is maintained. As of 2026, the majority of stolen assets have not been returned or officially recovered. No law enforcement charges or arrests publicly linked to this incident have been identified in available sources. The hack remains one of the largest unresolved crypto thefts on record.","heading":"User Impact and Outstanding Recovery","severity":"critical","sources":[{"credibility":2,"name":"Mixin's follow-up after the theft of about 200 million US dollars: compensation plan includes bonds - AiCoin","type":"news_article","url":"https://www.aicoin.com/en/article/367490"},{"credibility":2,"name":"Questions swirl around $200m hack as Mixin pledges to pay users half their lost funds - DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/questions-swirl-around-hack-at-hong-kong-network-mixin/"},{"credibility":2,"name":"Cryptohack Roundup: $200M Mixin Network Hack - BankInfoSecurity","type":"news_article","url":"https://www.bankinfosecurity.com/cryptohack-roundup-200m-mixin-network-hack-a-23185"}]}],"sources_used":[],"summary":"Mixin Network is a Hong Kong-based cross-chain Layer 2 protocol that suffered one of the largest cryptocurrency hacks of 2023, losing approximately $200 million when its cloud service provider's database was compromised on September 23, 2023. The hack exposed a fundamental contradiction in Mixin's self-described decentralized architecture: the majority of user funds were held in hot wallets backed by a centralized cloud database. As of early 2026, the majority of stolen assets remain unrecovered, with the attacker beginning to launder funds through Tornado Cash.","timeline":[{"date":"2023-09-23","event":"Mixin Network's cloud service provider database is compromised, allowing attackers to drain approximately $200 million across multiple chains including ETH, BTC, and USDT.","source":"Elliptic / TechCrunch","source_url":"https://www.elliptic.co/blog/mixin-network-hacked-for-200-million"},{"date":"2023-09-25","event":"Mixin Network publicly discloses the breach. Deposit and withdrawal services are suspended. Founder Feng Xiaodong holds a livestream announcing a 50% cash / 50% bond token compensation plan.","source":"CoinDesk / DeFi Planet","source_url":"https://www.coindesk.com/tech/2023/09/25/mixin-network-losses-nearly-200m-in-hack"},{"date":"2023-09-25","event":"Mixin Network sends an on-chain message to the alleged attacker, offering them $20 million as a bug bounty in exchange for returning the remaining stolen funds. The offer is not accepted.","source":"Benzinga","source_url":"https://www.benzinga.com/markets/cryptocurrency/23/09/34949660/heres-what-mixin-network-offers-hacker-for-the-return-of-stolen-funds"},{"date":"2023-09-25","event":"Elliptic publishes on-chain forensics analysis, identifies stolen asset breakdown ($95.3M ETH, $23.7M BTC, $23.6M USDT) and labels attacker wallets in its screening tools. Hackers convert stolen USDT to DAI via Uniswap to avoid asset freezes.","source":"Elliptic","source_url":"https://www.elliptic.co/blog/mixin-network-hacked-for-200-million"},{"date":"2023-09-25","event":"Merkle Science publishes flow-of-funds analysis identifying 11,400+ ETH wallets controlled by Exploiter 1, 127 BTC wallets, and tags laundering methods including DEX swaps and cross-chain bridges.","source":"Merkle Science","source_url":"https://www.merklescience.com/blog/hack-track-mixin-flow-of-funds-analysis"},{"date":"2026-02-12","event":"After approximately two years of dormancy, the primary attacker wallet (tagged 'Mixin Hacker' by Arkham Intelligence) begins moving funds, transferring 2,005 ETH (~$3.85M) to Tornado Cash via 20 separate transactions through intermediate address 0x9cba859288Fa0b4eC43EBB90Bb64a9DbBDDc787f.","source":"Decrypt / The Block","source_url":"https://decrypt.co/358032/3-million-ethereum-mixin-network-hack-tornado-cash"},{"date":"2026-02-13","event":"Three newly created wallets receive a combined 2,087 ETH from Tornado Cash and sell the tokens at approximately $1,933 per ETH. Attacker wallet still holds approximately 57,849 ETH and 891 BTC, representing the large majority of originally stolen assets.","source":"Decrypt / FinanceFeeds","source_url":"https://financefeeds.com/mixin-network-hacker-moves-2005-eth-to-tornado-cash-after-2-years-of-silence/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 9acb9750-104e-4ccc-b833-0b97fd8a1427copy