Mixin Network: The $200M Cloud Heist
The cloud provider got hacked. $200M walked out the door.
Most crypto hacks target smart contracts or exchange infrastructure. Mixin Network got hit through something much more basic: their cloud service provider.
On September 23, 2023, attackers compromised the database of Mixin's cloud provider and used that access to drain approximately $200 million in crypto assets from the network. Bitcoin, Ethereum, and various other tokens were all taken in a single coordinated attack.
Mixin Network was a Hong Kong-based project that marketed itself as a "free, lightning-fast, and decentralized network for transferring digital assets." The irony of storing the keys to that "decentralized" network on a centralized cloud service was not lost on the crypto community.
Founder Feng Xiaodong announced the hack on September 25 and immediately suspended deposits and withdrawals. The network offered a $20 million bounty for the return of the stolen funds. Nobody took them up on it.
The attack highlighted a vulnerability that most people in crypto don't think about. You can audit your smart contracts, run multi-sig wallets, and implement every on-chain security measure in the book. But if your keys are ultimately stored on AWS, Google Cloud, or any centralized service, you're only as secure as that provider's weakest link.
Mixin promised to compensate users by issuing bond tokens representing their losses, with gradual repayment over time. The recovery has been slow and incomplete.
The Aftermath
No suspects identified as of April 2026. Mixin offered users 50% compensation in stablecoins with the remainder as tokenized bond claims. The $20M bounty went unclaimed. In February 2026, a wallet tied to the hack woke up after two years of dormancy and moved $3.8 million in ETH to Tornado Cash. The attacker still has access to stolen funds. The stolen haul included 59,854 ETH, 891 BTC, and roughly $23.57 million in USDT.
COMMENTS