In a recent post on X (previously known as Twitter), Mixin Network announced a loss of approximately $200 million following a cyberattack on its cloud service provider.
The company says it has reached out to Google and blockchain security firm SlowMist to probe the issue. Questions remain as to why such a large proportion of funds was held in hot wallets and how such a breach became possible in the first place.
Although transfers on the network remain unaffected, the deposit and withdrawal services on Mixin Network have been temporarily suspended. Xiaodong Feng, Mixin’s founder, outlined a compensation plan that would include reimbursement of up to 50% of users’ assets and the issuing of debt tokens for the remainder.
Launched in 2018, Mixin Network aimed to provide ultra-fast transactions at zero transaction fees. Its first dApp, Mixin Messenger, combined features akin to Telegram Messenger with a multi-currency mobile wallet.
According to the project’s latest monthly report, the asset value held on the network was around $1.1 billion. This includes over 9.5k BTC and 84k ETH. According to DefiLlama, the project's DeFi TVL is currently around $351 million. It dropped by around $30 million right after the hack.
As highlighted on Twitter, even though the project touted its decentralization it heavily depended on centralized infrastructure. The project operated a small number of nodes (24, according to the latest report), which were likely hosted by a single cloud provider.
Centralized infrastructure can significantly boost transaction speeds, but it also heightens the system's vulnerability to attacks. This concern isn't exclusive to Mixin Network; almost all prominent blockchains also heavily depend on centralized infrastructure providers, exposing them to similar risks.
At Korean Blockchain Week, Ethereum co-founder Vitalik Buterin highlighted that the centralization of nodes is a major issue confronting the network. Currently, approximately 61.3% of Ethereum nodes are hosted on Amazon Web Services (AWS).
Bitcoin’s Lightning Network is also heavily reliant on centralized infrastructure providers: 47% of its nodes are hosted either by AWS or Google Cloud.
Solana is another network that relies strongly on centralized infrastructure. In fact, last year, the cloud infrastructure provider, Hetzner, decided to cease services for users operating Solana nodes. This action resulted in more than 1,000 Solana nodes going offline overnight. While Hetzner's decision didn't shut down Solana completely, it was halfway there.
When projects compromise on decentralization, it often leads to significant costs and jeopardizes the entire ecosystem's stability.
To address the issue, projects must find ways to simplify the technical process so that anyone with a computer can easily run a node at home. Currently, running nodes is not only challenging and limited to technically savvy people but also costly. This has given rise to the booming Node-as-a-Service industry.
While we await comprehensive details from the Mixin Network team regarding the incident, we continue to Observe the situation.