Merge pull request #73 from MixinNetwork/feature/mdt

923
MixinNetwork · Mar 12, 2024 · 3e8d7ef · 3e8d7ef
2 parents 5b31380 + 5a8e30e
commit 3e8d7ef
Show file tree

Hide file tree

Showing 6 changed files with 235 additions and 0 deletions.
diff --git a/docs/.vuepress/config/locales.ts b/docs/.vuepress/config/locales.ts
@@ -25,6 +25,7 @@ export function genLocales() {
         { text: locale.messages['nav.ecosystem'], link: `${locale.base}dapps` },
         { text: locale.messages['nav.developers'], link: `${locale.base}developers` },
         { text: locale.messages['nav.network'], link: `${locale.base}network` },
+        { text: locale.messages['nav.923'], link: `${locale.base}923` },
         { text: locale.messages['nav.messenger'], link: `https://mixin.one/messenger` },
         { text: locale.messages['nav.community'],
           children: [

diff --git a/docs/.vuepress/theme/lang/en-US.json b/docs/.vuepress/theme/lang/en-US.json
@@ -8,6 +8,8 @@
   "nav.developers.desc": "Build any decentralized applications on Mixin ",
   "nav.network": "Network",
   "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.",
+  "nav.923": "923",
+  "nav.923.desc": "Mixin 923 Hacker Incident Disclosure and Progress",
   "nav.messenger": "Messenger",
   "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet",
   "nav.community": "Community",

diff --git a/docs/.vuepress/theme/lang/ja-JP.json b/docs/.vuepress/theme/lang/ja-JP.json
@@ -7,6 +7,8 @@
   "nav.developers.desc": "Build any decentralized applications on Mixin ",
   "nav.network": "ネットワーク",
   "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.",
+  "nav.923": "923",
+  "nav.923.desc": "Mixin 923 Hacker Incident Disclosure and Progress",
   "nav.messenger": "メッセンジャー",
   "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet",
   "nav.community": "コミュニティー",

diff --git a/docs/.vuepress/theme/lang/zh-TW.json b/docs/.vuepress/theme/lang/zh-TW.json
@@ -7,6 +7,8 @@
   "nav.developers.desc": "在Mixin上構建任意去中心化應用。 ",
   "nav.network": "網絡",
   "nav.network.desc": "探索交易、節點和活動，在Mixin上輕鬆實現。",
+  "nav.923": "923",
+  "nav.923.desc": "Mixin 923 黑客事件披露与进展",
   "nav.messenger": "Messenger",
   "nav.messenger.desc": "帶有內置加密錢包的端到端加密聊天軟件",
   "nav.community": "社區",

diff --git a/docs/923/README.md b/docs/923/README.md
@@ -0,0 +1,114 @@
+---
+title: Mixin 923 Hacker Incident Disclosure and Progress
+description: Mixin 923 Hacker Incident Disclosure and Progress
+editLink: false
+sidebar: false
+article: true
+lastUpdated: false
+contributors: false
+---
+
+# Mixin 923 Hacker Incident Disclosure and Progress
+
+(Updated March 12, 2024)
+
+## Incident Explanation
+
+Mixin Network experienced a hack attack on September 23, 2023. The main assets targeted in this attack were ETH, BTC, and USDT-ERC20, and other coins also suffered losses. The addresses associated with the three main hackers are as follows:
+
+- [https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c](https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c)
+- [https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes](https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes)
+- [https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e](https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e)
+
+The primary cause of the incident was the hacker's penetration into the Google Cloud Services relied upon by Mixin for withdrawals, exploiting a software vulnerability to construct a large number of unauthorized withdrawal requests.
+
+## Incident Handling
+
+### Investigation and Tracking
+
+Upon discovering a large number of abnormal withdrawals, we immediately halted all deposit and withdrawal services on the network. Other measures taken include:
+
+- Contacting blockchain security companies like Slowmist for on-chain tracking.
+- Hiring the Google Mandiant team to assist in investigating the hack into Google Cloud Services.
+- Announcing a $20 million reward for the return of the stolen assets.
+
+As of now, the stolen assets remain in the addresses without being moved, and the cause of the breach is still under investigation.
+
+### Debt Assessment
+
+After assessing the stolen assets, the team's existing funds, and communicating with the community, major holders, and investors, and considering Mixin's huge potential for future development, the following is announced:
+
+- The Mixin team will use existing funds to cover some or all losses for different affected coin types.
+- Losses in BTC, ETH, and USDT-ERC20 that cannot be covered will be converted into a fixed debt based on their dollar value at the time of theft, totaling $153 million in debt. The Mixin team commits to repaying 100% of this debt. The table below details this:
+
+| Coin       | Loss | Assessment Price | Total Assessment | Example                                                            |
+| ---------- | ---- | ---------------- | ---------------- | ------------------------------------------------------------------ |
+| BTC        | 10%  | 26569 USD        | 30,000,000 USD   | Old system 1 BTC ⇒ New system 0.9 BTC + 2656.9 USD debt            |
+| ETH        | 70%  | 1592.74 USD      | 100,000,000 USD  | Old system 1 ETH ⇒ New system 0.3 ETH + 1114.918 USD debt          |
+| USDT-ERC20 | 90%  | 1 USD            | 23,000,000 USD   | Old system 1 USDT-ERC20 ⇒ New system 0.1 USDT-ERC20 + 0.9 USD debt |
+
+- If the hacker returns the assets in the future, the assets will be distributed among all users holding the corresponding debt.
+
+### Debt Claim
+
+Currently, 16,143 individuals have registered their debts, of which 90% having completed the debt claim process. Users with debts under $100 can exchange them for XIN for immediate repayment.
+
+### Repayment Plan
+
+- 50% of users who have registered their debts have received immediate repayment through exchanging XIN tokens.
+- Participate in forming the Mixin Autonomous Organization, with 150,000 XIN (currently valued at approximately $40 million) as a basis to develop the Mixin ecosystem and compensate debt holders.
+- Income generated from a series of Mixin team-developed products and investments, such as Mixin Safe, Mixin Wealth, Mixin Route, and Mixin Messenger — apart from retaining team expenses and development funds — will be used entirely for debt repayment, with a detailed plan expected to be announced in July-August.
+
+## Recovery Progress
+
+### Ecosystem Recovery Progress
+
+- Mixin Network launched a new mainnet on October 27, 2023, which has been running smoothly since then, with node rewards being distributed as usual.
+- Mixin Safe https://safe.mixin.one completed its first security audit, newly supporting Ethereum and Polygon networks. It has also introduced features such as address book and co-managers, with significant optimizations made to details and processes.
+- Mixin Messenger now supports deposits and withdrawals for all mainstream coins, having iterated over 40 versions since 923 incident, supporting asset migration, and debt token distribution.
+- Mixin Route's fiat purchase function has been fully restored.
+- ExinOne and ExinPool related flash trading, limited order trading, regular investments, loans, and Staking functions have been fully restored.
+- Pando Swap's trading, limited order trading, and liquidity management functions have been fully restored.
+- BOX community, purchasing, and redemption have been fully restored.
+- The decentralized web3 cross-chain payment protocol MixPay has been fully restored.
+- BigONE's trading bot order, quantification, and flash exchange have been fully restored.
+- The third-party blockchain explorer ViewBlock now supports data display for the new Mixin mainnet.
+
+### Network Asset Withdrawal Recovery Progress
+
+| Blockchain       | Status | Recovery Date |
+| ---------------- | ------ | ------------- |
+| TRON             | ✅      | 20231122      |
+| Litecoin         | ✅      | 20231213      |
+| Dogecoin         | ✅      | 20231214      |
+| Bitcoin          | ✅      | 20231215      |
+| Polygon          | ✅      | 20231218      |
+| Ethereum         | ✅      | 20231221      |
+| MobileCoin       | ✅      | 20231229      |
+| BNB Smart Chain  | ✅      | 20240101      |
+| EOS              | ✅      | 20240102      |
+| Ripple           | ✅      | 20240105      |
+| Bitcoin SV       | ✅      | 20240108      |
+| Bitcoin Cash     | ✅      | 20240108      |
+| Dash             | ✅      | 20240108      |
+| Horizen          | ✅      | 20240109      |
+| Filecoin         | ✅      | 20240112      |
+| Monero           | ✅      | 20240121      |
+| Polkadot         | ✅      | 20240125      |
+| Siacoin          | ✅      | 20240209      |
+| Nervos           | ✅      | 20240215      |
+| Solana           | ✅      | 20240216      |
+| Toncoin          | ✅      | 20240310      |
+| Cosmos           | 🚗     |               |
+| Arweave          | 🚗     |               |
+| Aptos            | 🚗     |               |
+| NEAR             | 🚗     |               |
+| Avalanche        | 🚗     |               |
+| Akash            | 🚗     |               |
+| Algorand         | 🚗     |               |
+| Kusama           | 🚗     |               |
+| Stellar          | 🚗     |               |
+| NEM              | 🚗     |               |
+| Zcash            | 🚗     |               |
+| Ethereum Classic | 🚗     |               |
+| Ravencoin        | 🚗     |               |
diff --git a/docs/zh/923/README.md b/docs/zh/923/README.md
@@ -0,0 +1,114 @@
+---
+title: Mixin 923 黑客事件披露与进展
+description: Mixin 923 黑客事件披露与进展
+editLink: false
+sidebar: false
+article: true
+lastUpdated: false
+contributors: false
+---
+
+# Mixin 923 黑客事件披露与进展
+
+（2024 年 3 月 12 日更新）
+
+## 事件说明
+
+Mixin Network 于 2023 年 9 月 23 日遭受了黑客攻击，本次攻击主要资产为 ETH、BTC 和 USDT-ERC20，其他币有不同程度损失，三个主要黑客的地址：
+
+- [https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c](https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c)
+- [https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes](https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes)
+- [https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e](https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e)
+
+事件主要原因是因为黑客侵入了 Mixin 提现依赖的 Google 云服务并利用了一个程序漏洞构造了大量未授权的提现请求。
+
+## 事件处理
+
+### 调查追踪
+
+发现大量异常提现后我们立刻停止了网络所有的充值和提现服务，其他措施包括：
+
+- 联系 Slowmist 等区块链安全公司进行链上追踪。
+- 聘请 Google Mandiant 团队协助调查黑客入侵 Google 云服务。
+- 公布 2 千万美金作为黑客归还资产奖励。
+
+截止到目前，被盗的资产仍然在地址里没有转移，被入侵的原因仍然调查之中。
+
+### 债务定损
+
+经过统计和评估被盗资产、团队现有资金，与社区、大户和投资人的沟通，并考虑 Mixin 未来巨大的发展潜力，现公示如下：
+
+- Mixin 团队先利用现有资金针对不同受损币种资产覆盖部分或全部损失。
+- 未能覆盖损失的 BTC、ETH 和 USDT-ERC20 按被盗时美元价值固定折算成债务，总计 1.53 亿美元债务，Mixin 团队承诺将 100% 偿还这些债务。具体如下表格：
+
+| 币种         | 损失  | 定损价格        | 定损总量            | 举例                                               |
+| ---------- | --- | ----------- | --------------- | ------------------------------------------------ |
+| BTC        | 10% | 26569 USD   | 30,000,000 USD  | 旧系统 1 BTC ⇒ 新系统 0.9 BTC + 2656.9 美元债务            |
+| ETH        | 70% | 1592.74 USD | 100,000,000 USD | 旧系统 1 ETH ⇒ 新系统 0.3 ETH + 1114.918 美元债务          |
+| USDT-ERC20 | 90% | 1 USD       | 23,000,000 USD  | 旧系统 1 USDT-ERC20 ⇒ 新系统 0.1 USDT-ERC20 + 0.9 美元债务 |
+
+- 如果后续黑客还币，资产将归属于所有持有债务的用户。
+
+### 债务领取
+
+目前有 16,143 人登记了债务，其中 90% 已完成债务领取，债务不足 100 美元的用户可兑换 XIN 立刻获得偿还。
+
+### 偿还计划
+
+- 已登记债务的用户中 50% 用户已通过兑换 XIN 获得了立刻偿还。
+- 参与组建 Mixin Autonomous Organization，以 15 万 XIN （当前市值约为 4000 万美金）为基础发展 Mixin 生态、补偿债务持有人。
+- Mixin Safe、Mixin Wealth、Mixin Route 和 Mixin Messenger 一系列 Mixin 团队开发产品和投资所产生的收入 — — 除了保留团队开支和发展资金将全部用于偿还债务，详细的计划预计在 7-8 月份公布。
+
+## 恢复进展
+
+### 生态恢复进展
+
+- Mixin Network 于 2023 年 10 月 27 日上线了新主网，平稳运行至今，节点收益正常发放。
+- Mixin Safe [https://safe.mixin.one](https://safe.mixin.one/) 完成第一个安全审计，新支持以太坊和 Polygon 网络，上线地址薄、共管人等功能，细节和流程做了大量优化。
+- Mixin Messenger 已支持所有主流币的充值和提现，自 923 以来已迭代超过 40 个版本，支持资产迁移、债务代币领取。
+- Mixin Route 法币购买功能已完全恢复。
+- ExinOne 和 ExinPool 相关的闪兑交易、挂单交易、定投、借贷和 Staking 功能已完全恢复。
+- Pando Swap 的交易、挂单交易、流动性管理功能已完全恢复。
+- BOX 社群、购买和赎回已完全恢复。
+- 去中心化的 web3 跨链支付协议 MixPay 已完全恢复。
+- BigONE 交易机器人挂单、量化、闪兑已完全恢复。
+- 第三方区块链浏览器 ViewBlock 已支持 Mixin 新主网数据展示。
+
+### 网络资产提现恢复进展
+
+| 区块链              | 状态  | 恢复时间     |
+| ---------------- | --- | -------- |
+| TRON             | ✅   | 20231122 |
+| Litecoin         | ✅   | 20231213 |
+| Dogecoin         | ✅   | 20231214 |
+| Bitcoin          | ✅   | 20231215 |
+| Polygon          | ✅   | 20231218 |
+| Ethereum         | ✅   | 20231221 |
+| MobileCoin       | ✅   | 20231229 |
+| BNB Smart Chain  | ✅   | 20240101 |
+| EOS              | ✅   | 20240102 |
+| Ripple           | ✅   | 20240105 |
+| Bitcoin SV       | ✅   | 20240108 |
+| Bitcoin Cash     | ✅   | 20240108 |
+| Dash             | ✅   | 20240108 |
+| Horizen          | ✅   | 20240109 |
+| Filecoin         | ✅   | 20240112 |
+| Monero           | ✅   | 20240121 |
+| Polkadot         | ✅   | 20240125 |
+| Siacoin          | ✅   | 20240209 |
+| Nervos           | ✅   | 20240215 |
+| Solana           | ✅   | 20240216 |
+| Toncoin          | ✅   | 20240310 |
+| Cosmos           | 🚗  |          |
+| Arweave          | 🚗  |          |
+| Aptos            | 🚗  |          |
+| NEAR             | 🚗  |          |
+| Avalanche        | 🚗  |          |
+| Akash            | 🚗  |          |
+| Algorand         | 🚗  |          |
+| Kusama           | 🚗  |          |
+| Stellar          | 🚗  |          |
+| NEM              | 🚗  |          |
+| Zcash            | 🚗  |          |
+| Ethereum Classic | 🚗  |          |
+| Ravencoin        | 🚗  |          |