From 6e2bcb25022cdcb58b5be4f01f607de4fd692747 Mon Sep 17 00:00:00 2001 From: over140 Date: Tue, 12 Mar 2024 09:25:38 +0400 Subject: [PATCH 1/3] MDT --- docs/.vuepress/config/locales.ts | 1 + docs/.vuepress/theme/lang/en-US.json | 2 ++ docs/.vuepress/theme/lang/ja-JP.json | 2 ++ docs/.vuepress/theme/lang/zh-TW.json | 2 ++ docs/mdt/README.md | 43 ++++++++++++++++++++++++++++ docs/zh/mdt/README.md | 42 +++++++++++++++++++++++++++ 6 files changed, 92 insertions(+) create mode 100644 docs/mdt/README.md create mode 100644 docs/zh/mdt/README.md diff --git a/docs/.vuepress/config/locales.ts b/docs/.vuepress/config/locales.ts index 6ba7bc2..de481a6 100644 --- a/docs/.vuepress/config/locales.ts +++ b/docs/.vuepress/config/locales.ts @@ -25,6 +25,7 @@ export function genLocales() { { text: locale.messages['nav.ecosystem'], link: `${locale.base}dapps` }, { text: locale.messages['nav.developers'], link: `${locale.base}developers` }, { text: locale.messages['nav.network'], link: `${locale.base}network` }, + { text: locale.messages['nav.mdt'], link: `${locale.base}mdt` }, { text: locale.messages['nav.messenger'], link: `https://mixin.one/messenger` }, { text: locale.messages['nav.community'], children: [ diff --git a/docs/.vuepress/theme/lang/en-US.json b/docs/.vuepress/theme/lang/en-US.json index e9fb142..92cbc5b 100644 --- a/docs/.vuepress/theme/lang/en-US.json +++ b/docs/.vuepress/theme/lang/en-US.json @@ -8,6 +8,8 @@ "nav.developers.desc": "Build any decentralized applications on Mixin ", "nav.network": "Network", "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.", + "nav.mdt": "MDT", + "nav.mdt.desc": "Mixin Debt Token", "nav.messenger": "Messenger", "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet", "nav.community": "Community", diff --git a/docs/.vuepress/theme/lang/ja-JP.json b/docs/.vuepress/theme/lang/ja-JP.json index 8e1279b..96752d5 100644 --- a/docs/.vuepress/theme/lang/ja-JP.json +++ b/docs/.vuepress/theme/lang/ja-JP.json @@ -7,6 +7,8 @@ "nav.developers.desc": "Build any decentralized applications on Mixin ", "nav.network": "ネットワーク", "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.", + "nav.mdt": "MDT", + "nav.mdt.desc": "Mixin Debt Token", "nav.messenger": "メッセンジャー", "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet", "nav.community": "コミュニティー", diff --git a/docs/.vuepress/theme/lang/zh-TW.json b/docs/.vuepress/theme/lang/zh-TW.json index 708de58..cc6348f 100644 --- a/docs/.vuepress/theme/lang/zh-TW.json +++ b/docs/.vuepress/theme/lang/zh-TW.json @@ -7,6 +7,8 @@ "nav.developers.desc": "在Mixin上構建任意去中心化應用。 ", "nav.network": "網絡", "nav.network.desc": "探索交易、節點和活動,在Mixin上輕鬆實現。", + "nav.mdt": "MDT", + "nav.mdt.desc": "Mixin 债务代币", "nav.messenger": "Messenger", "nav.messenger.desc": "帶有內置加密錢包的端到端加密聊天軟件", "nav.community": "社區", diff --git a/docs/mdt/README.md b/docs/mdt/README.md new file mode 100644 index 0000000..fc2927b --- /dev/null +++ b/docs/mdt/README.md @@ -0,0 +1,43 @@ +--- +title: Mixin Network 923 Hack Incident Disclosure and Compensation Plan +description: Mixin Network 923 Hack Incident Disclosure and Compensation Plan +editLink: false +sidebar: false +article: true +lastUpdated: false +contributors: false +--- + +## Mixin Network 923 Hack Incident Disclosure and Compensation Plan + +## What is MDT token? + +MDT is the Mixin Debt Token issued by Mixin as a debt token pegged to the US dollar value. There are mainly three types: MDTu, MDTe and MDTb, representing debts against three types of assets: erc20-USDT, ETH, and BTC. + +## Why issue debt tokens? + +The Mixin Network suffered a hacker attack on September 23, 2023. This attack mainly involved assets of erc20-USDT, ETH, and BTC, equivalent to about $150 million at the time, **other assets were unaffected**. After several days of data statistics and team repayment capability assessment, Mixin is unable to repay immediately according to the currency-pegged model and can only issue dollar debt in the form of issuing debt tokens and use profits from continued business development to repay the debt. + +## Why issue three types of debt tokens? + +Although the debts are all pegged to the USD price at midnight on September 23 and denominated in US dollars, Mixin will repay in the order of erc20-usdt, ETH, and BTC. That is, MDTu will be repaid first, followed by MDTe, and finally MDTb. + +## Debt ratio during migration + +When you upgrade Mixin Messenger to version 1.5.0 or above, the wallet shows the assets as 0, and there is a blue prompt at the top **"You have unmigrate assets, please tap to start migration"** to guide you to migrate assets from the old system to the new system. + +||| Please note that migration is a one-way operation. Once assets are migrated to the new system, they cannot be returned to the old system! +||| You can migrate assets to the new system at any time. The old system will continue to run in sync. + +When you migrate erc20-USDT, ETH, BTC and BOX, you will automatically enter the debt registration page. At this time, the page will show the amount you had in the old system, the amount you obtained in the new system, and the number of debt tokens. Confirm there is no error, and then you can enter the PIN to confirm migration. + +Among them, the debt ratio is 90% for erc20-USDT, 70% for ETH, 10% for BTC, and 7.29% for BOX. We can calculate the debt tokens more clearly through the table below: + +| Old wallet assets | New wallet obtain ratio | New system obtained tokens (=Old wallet asset qty * New system obtain ratio) | Debt ratio | Token price at September 23 midnight (USD) | New system obtained debt (=Old wallet asset qty * Price * Debt ratio)| Final obtained amount | +| --- | --- | --- | --- | --- | --- | --- | +| 100 erc20-USDT | 10% | 10 USDT(100*10%) | 90% | 1 | 90 MDTu(100*1*90%) | 10 erc20-USDT + 90 MDTu | +| 1 ETH | 30% | 0.3 ETH(1*30%) | 70% | 1592 | 1114.4 MDTe(1*1592*70%) | 0.3 ETH + 1114.4 MDTe | +| 1 BTC | 90% | 0.9 BTC(1*90%) | 10% | 26569 | 2656.9 MDTb(1*26569*10%) | 0.9 BTC + 2656.9 MDTb | +| 100 BOX | 92.71% | 92.71 BOX(100*92.71%) | 7.29% | 0.11258467 MDTb + 0.1114918 MDTe | 11.258467 MDTb+11.14918 MDTe | 92.71 BOX + 11.258467 MDTb + 11.14918 MDTe | + +|| BOX was not a directly damaged asset, but BOX price composition includes ETH and BTC. After calculation, the lost 7.29% is replaced by corresponding MDT tokens, which means 1 BOX will contain 0.11258467 MDTb + 0.1114918 MDTe debt. \ No newline at end of file diff --git a/docs/zh/mdt/README.md b/docs/zh/mdt/README.md new file mode 100644 index 0000000..10b37b3 --- /dev/null +++ b/docs/zh/mdt/README.md @@ -0,0 +1,42 @@ +--- +title: Mixin Network 923 黑客事件披露以及偿还计划 +description: Mixin Network 923 黑客事件披露以及偿还计划 +editLink: false +sidebar: false +article: true +lastUpdated: false +contributors: false +--- + +## Mixin Network 923 黑客事件披露以及偿还计划 + +## 什么是 MDT 代币? + +MDT 代币是 Mixin Debt Token,即 Mixin 发行的债务代币,铆定美元价值。主要有三种:MDTu、MDTe 和 MDTb。分别代表了针对三种资产的债务:erc20-USDT、ETH 和 BTC。 + +## 为什么发行债务代币? + +Mixin 网络于 2023 年 9 月 23 日遭受了黑客攻击,本次攻击主要涉及资产为 erc20-USDT、ETH 和 BTC,折合当时价格约为 1.5 亿美元, **其他资产无碍**。经过数天数据统计和团队赔付能力评估,Mixin 无法按照币本位立刻赔付,只能以发行美元债务的方式,通过继续发展业务,用盈利来偿还。 + +## 为什么发行三种债务代币? + +尽管债务都是铆定 9 月 23 日零时美元价格,以美元计价,Mixin 会按照 erc20-usdt、ETH、BTC 三个顺序依次偿还。即优先偿还 MDTu,其次 MDTe 最后是 MDTb。 + +## 迁移时债务所占份额 + +当您升级 Mixin Messenger 到 1.5.0 版本或更高,钱包显示资产为 0,顶部有蓝色提示 **“您有未迁移的资产,请单击开始迁移”** 引导您操作资产从旧系统到新系统的迁移。 +||| 请注意,迁移是单向操作,一旦资产迁移至新系统,无法再回到旧系统中! +||| 您可以随时迁移资产至新系统,旧系统会一直同步运行。 + +当您迁移 erc20-USDT、ETH、BTC 和 BOX 时,会自动进入登记债务页面,此时页面会显示您旧系统中有的金额、您新系统中获得的数量和债务代币数量,确认无误后可以输入密码确认迁移操作。 + +其中,erc20-USDT 的债务占比 90%,ETH 债务占比 70%,BTC 债务占比 10%,BOX 债务占比 7.29%。我们通过下面的表格能更清晰的计算债务代币: + +| 旧钱包资产 | 新钱包获得比例 | 新系统获得代币(=旧钱包资产数量*新系统获得比例) | 债务比例 | 9 月 23 日零点对应代币价格(美元) | 新系统获得债务(=旧钱包资产数量 * 价格 * 债务比例)| 最终获得数量 | +| --- | --- | --- | --- | --- | --- | --- | +| 100 erc20-USDT | 10% | 10 USDT(100*10%) | 90% | 1 | 90 MDTu(100*1*90%) | 10 erc20-USDT + 90 MDTu | +| 1 ETH | 30% | 0.3 ETH(1*30%) | 70% | 1592 | 1114.4 MDTe(1*1592*70%) | 0.3 ETH + 1114.4 MDTe | +| 1 BTC | 90% | 0.9 BTC(1*90%) | 10% | 26569 | 2656.9 MDTb(1*26569*10%) | 0.9 BTC + 2656.9 MDTb | +| 100 BOX | 92.71% | 92.71 BOX(100*92.71%) | 7.29% | 0.11258467 MDTb + 0.1114918 MDTe | 11.258467 MDTb+11.14918 MDTe | 92.71 BOX + 11.258467 MDTb + 11.14918 MDTe | + +|| BOX 虽然不是直接受损资产,但是 BOX 的价格组成包含 ETH 和 BTC,经过计算之后,损失的 7.29% 由对应的 MDT 代币取代,也就是说 1 个 BOX 将含有 0.11258467 MDTb + 0.1114918 MDTe 债务。 \ No newline at end of file From 262ee958e8a2362b92b06feff19fe0a8a54d8f51 Mon Sep 17 00:00:00 2001 From: over140 Date: Tue, 12 Mar 2024 17:10:11 +0400 Subject: [PATCH 2/3] Update 923 doc --- docs/.vuepress/config/locales.ts | 2 +- docs/.vuepress/theme/lang/en-US.json | 4 +- docs/.vuepress/theme/lang/ja-JP.json | 4 +- docs/.vuepress/theme/lang/zh-TW.json | 4 +- docs/923/README.md | 111 ++++++++++++++++++++++++++ docs/mdt/README.md | 43 ---------- docs/zh/923/README.md | 114 +++++++++++++++++++++++++++ docs/zh/mdt/README.md | 42 ---------- 8 files changed, 232 insertions(+), 92 deletions(-) create mode 100644 docs/923/README.md delete mode 100644 docs/mdt/README.md create mode 100644 docs/zh/923/README.md delete mode 100644 docs/zh/mdt/README.md diff --git a/docs/.vuepress/config/locales.ts b/docs/.vuepress/config/locales.ts index de481a6..1ef6c03 100644 --- a/docs/.vuepress/config/locales.ts +++ b/docs/.vuepress/config/locales.ts @@ -25,7 +25,7 @@ export function genLocales() { { text: locale.messages['nav.ecosystem'], link: `${locale.base}dapps` }, { text: locale.messages['nav.developers'], link: `${locale.base}developers` }, { text: locale.messages['nav.network'], link: `${locale.base}network` }, - { text: locale.messages['nav.mdt'], link: `${locale.base}mdt` }, + { text: locale.messages['nav.923'], link: `${locale.base}923` }, { text: locale.messages['nav.messenger'], link: `https://mixin.one/messenger` }, { text: locale.messages['nav.community'], children: [ diff --git a/docs/.vuepress/theme/lang/en-US.json b/docs/.vuepress/theme/lang/en-US.json index 92cbc5b..dc4a98b 100644 --- a/docs/.vuepress/theme/lang/en-US.json +++ b/docs/.vuepress/theme/lang/en-US.json @@ -8,8 +8,8 @@ "nav.developers.desc": "Build any decentralized applications on Mixin ", "nav.network": "Network", "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.", - "nav.mdt": "MDT", - "nav.mdt.desc": "Mixin Debt Token", + "nav.923": "923", + "nav.923.desc": "Mixin 923 Hacker Incident Disclosure and Progress", "nav.messenger": "Messenger", "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet", "nav.community": "Community", diff --git a/docs/.vuepress/theme/lang/ja-JP.json b/docs/.vuepress/theme/lang/ja-JP.json index 96752d5..675d592 100644 --- a/docs/.vuepress/theme/lang/ja-JP.json +++ b/docs/.vuepress/theme/lang/ja-JP.json @@ -7,8 +7,8 @@ "nav.developers.desc": "Build any decentralized applications on Mixin ", "nav.network": "ネットワーク", "nav.network.desc": "Explore transactions, nodes, and activities taking palce on Mixin.", - "nav.mdt": "MDT", - "nav.mdt.desc": "Mixin Debt Token", + "nav.923": "923", + "nav.923.desc": "Mixin 923 Hacker Incident Disclosure and Progress", "nav.messenger": "メッセンジャー", "nav.messenger.desc": "End to end encrypted messenger with a built-in crypto wallet", "nav.community": "コミュニティー", diff --git a/docs/.vuepress/theme/lang/zh-TW.json b/docs/.vuepress/theme/lang/zh-TW.json index cc6348f..e2fe809 100644 --- a/docs/.vuepress/theme/lang/zh-TW.json +++ b/docs/.vuepress/theme/lang/zh-TW.json @@ -7,8 +7,8 @@ "nav.developers.desc": "在Mixin上構建任意去中心化應用。 ", "nav.network": "網絡", "nav.network.desc": "探索交易、節點和活動,在Mixin上輕鬆實現。", - "nav.mdt": "MDT", - "nav.mdt.desc": "Mixin 债务代币", + "nav.923": "923", + "nav.923.desc": "Mixin 923 黑客事件披露与进展", "nav.messenger": "Messenger", "nav.messenger.desc": "帶有內置加密錢包的端到端加密聊天軟件", "nav.community": "社區", diff --git a/docs/923/README.md b/docs/923/README.md new file mode 100644 index 0000000..eaa0673 --- /dev/null +++ b/docs/923/README.md @@ -0,0 +1,111 @@ +--- +title: Mixin 923 Hacker Incident Disclosure and Progress +description: Mixin 923 Hacker Incident Disclosure and Progress +editLink: false +sidebar: false +article: true +lastUpdated: false +contributors: false +--- + +# Mixin 923 Hacker Incident Disclosure and Progress +(Updated March 12, 2024) + +## Incident Description +Mixin Network was attacked by hackers on September 23, 2023. The main assets targeted in this attack were ETH, BTC, and USDT-ERC20, with varying losses in other coins. The addresses of the three main hackers are: + +- [https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c](https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c) +- [https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes](https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes) +- [https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e](https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e) + +The primary cause of the incident was the hacker's penetration into the Google Cloud Services relied upon by Mixin for withdrawals, exploiting a software vulnerability to construct a large number of unauthorized withdrawal requests. + +## Incident Response + +### Investigation and Tracking + +Upon discovering a large number of abnormal withdrawals, we immediately halted all deposit and withdrawal services on the network. Other measures included: + +- Contacting blockchain security companies like Slowmist for on-chain tracking. +- Hiring the Google Mandiant team to assist in investigating the hack into Google Cloud Services. +- Announcing a $20 million reward for the return of the stolen assets. + +As of now, the stolen assets remain in the addresses without being moved, and the cause of the breach is still under investigation. + +### Debt Assessment + +After assessing the stolen assets, the team's existing funds, and communicating with the community, major holders, and investors, and considering Mixin's huge potential for future development, the following is announced: + +- The Mixin team will use existing funds to cover some or all losses for different affected coin types. +- Losses in BTC, ETH, and USDT-ERC20 that cannot be covered will be converted into a fixed debt based on their dollar value at the time of theft, totaling $153 million in debt. The Mixin team commits to repaying 100% of this debt. The table below details this: + +| Coin | Loss | Assessment Price | Total Assessment | Example | +| --- | --- | --- | --- | --- | +| BTC | 10% | 26569 USD | 30,000,000 USD | Old system 1 BTC ⇒ New system 0.9 BTC + 2656.9 USD debt | +| ETH | 70% | 1592.74 USD | 100,000,000 USD | Old system 1 ETH ⇒ New system 0.3 ETH + 1114.918 USD debt | +| USDT-ERC20 | 90% | 1 USD | 23,000,000 USD | Old system 1 USDT-ERC20 ⇒ New system 0.1 USDT-ERC20 + 0.9 USD debt | + +- If the hacker returns the assets in the future, they will belong to all users holding the debt. + +### Debt Claim + +Currently, 16,143 people have registered their debts, with 90% having completed the debt claim process. Users with debts under $100 can exchange XIN for immediate repayment. + +### Repayment Plan +- 50% of users who have registered their debts have received immediate repayment through exchanging XIN. +- Participate in forming the Mixin Autonomous Organization, with 150,000 XIN (currently valued at approximately $40 million) as a basis to develop the Mixin ecosystem and compensate debt holders. +- Income generated from a series of Mixin team-developed products and investments, such as Mixin Safe, Mixin Wealth, Mixin Route, and Mixin Messenger — apart from retaining team expenses and development funds — will be used entirely for debt repayment, with a detailed plan expected to be announced in July-August. + + +## Recovery Progress + +### Ecosystem Recovery Progress +- Mixin Network launched a new mainnet on October 27, 2023, which has been running smoothly since, with normal node earnings distribution. +- Mixin Safe https://safe.mixin.one completed its first security audit, newly supporting Ethereum and Polygon networks, launching address book, co-managers, and other features, with many details and processes significantly optimized. +- Mixin Messenger now supports deposits and withdrawals for all mainstream coins, having iterated over 40 versions since 923, supporting asset migration, and debt token collection. +- Mixin Route's fiat purchase function has been fully restored. +- ExinOne and ExinPool related flash exchange transactions, order transactions, regular investments, loans, and Staking functions have been fully restored. +- Pando Swap's trading, order transactions, and liquidity management functions have been fully restored. +- BOX community, purchasing, and redemption have been fully restored. +- The decentralized web3 cross-chain payment protocol MixPay has been fully restored. +- BigONE's trading bot order, quantification, and flash exchange have been fully restored. +- The third-party blockchain explorer ViewBlock now supports data display for the new Mixin mainnet. + +### Network Asset Withdrawal Recovery Progress + +| Blockchain | Status | Recovery Date | +| --- | --- | --- | +| TRON | ✅ | 20231122 | +| Litecoin | ✅ | 20231213 | +| Dogecoin | ✅ | 20231214 | +| Bitcoin | ✅ | 20231215 | +| Polygon | ✅ | 20231218 | +| Ethereum | ✅ | 20231221 | +| MobileCoin | ✅ | 20231229 | +| BNB Smart Chain | ✅ | 20240101 | +| EOS | ✅ | 20240102 | +| Ripple | ✅ | 20240105 | +| Bitcoin SV | ✅ | 20240108 | +| Bitcoin Cash | ✅ | 20240108 | +| Dash | ✅ | 20240108 | +| Horizen | ✅ | 20240109 | +| Filecoin | ✅ | 20240112 | +| Monero | ✅ | 20240121 | +| Polkadot | ✅ | 20240125 | +| Siacoin | ✅ | 20240209 | +| Nervos | ✅ | 20240215 | +| Solana | ✅ | 20240216 | +| Toncoin | ✅ | 20240310 | +| Cosmos | 🚗 | | +| Arweave | 🚗 | | +| Aptos | 🚗 | | +| NEAR | 🚗 | | +| Avalanche | 🚗 | | +| Akash | 🚗 | | +| Algorand | 🚗 | | +| Kusama | 🚗 | | +| Stellar | 🚗 | | +| NEM | 🚗 | | +| Zcash | 🚗 | | +| Ethereum Classic | 🚗 | | +| Ravencoin | 🚗 | | \ No newline at end of file diff --git a/docs/mdt/README.md b/docs/mdt/README.md deleted file mode 100644 index fc2927b..0000000 --- a/docs/mdt/README.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Mixin Network 923 Hack Incident Disclosure and Compensation Plan -description: Mixin Network 923 Hack Incident Disclosure and Compensation Plan -editLink: false -sidebar: false -article: true -lastUpdated: false -contributors: false ---- - -## Mixin Network 923 Hack Incident Disclosure and Compensation Plan - -## What is MDT token? - -MDT is the Mixin Debt Token issued by Mixin as a debt token pegged to the US dollar value. There are mainly three types: MDTu, MDTe and MDTb, representing debts against three types of assets: erc20-USDT, ETH, and BTC. - -## Why issue debt tokens? - -The Mixin Network suffered a hacker attack on September 23, 2023. This attack mainly involved assets of erc20-USDT, ETH, and BTC, equivalent to about $150 million at the time, **other assets were unaffected**. After several days of data statistics and team repayment capability assessment, Mixin is unable to repay immediately according to the currency-pegged model and can only issue dollar debt in the form of issuing debt tokens and use profits from continued business development to repay the debt. - -## Why issue three types of debt tokens? - -Although the debts are all pegged to the USD price at midnight on September 23 and denominated in US dollars, Mixin will repay in the order of erc20-usdt, ETH, and BTC. That is, MDTu will be repaid first, followed by MDTe, and finally MDTb. - -## Debt ratio during migration - -When you upgrade Mixin Messenger to version 1.5.0 or above, the wallet shows the assets as 0, and there is a blue prompt at the top **"You have unmigrate assets, please tap to start migration"** to guide you to migrate assets from the old system to the new system. - -||| Please note that migration is a one-way operation. Once assets are migrated to the new system, they cannot be returned to the old system! -||| You can migrate assets to the new system at any time. The old system will continue to run in sync. - -When you migrate erc20-USDT, ETH, BTC and BOX, you will automatically enter the debt registration page. At this time, the page will show the amount you had in the old system, the amount you obtained in the new system, and the number of debt tokens. Confirm there is no error, and then you can enter the PIN to confirm migration. - -Among them, the debt ratio is 90% for erc20-USDT, 70% for ETH, 10% for BTC, and 7.29% for BOX. We can calculate the debt tokens more clearly through the table below: - -| Old wallet assets | New wallet obtain ratio | New system obtained tokens (=Old wallet asset qty * New system obtain ratio) | Debt ratio | Token price at September 23 midnight (USD) | New system obtained debt (=Old wallet asset qty * Price * Debt ratio)| Final obtained amount | -| --- | --- | --- | --- | --- | --- | --- | -| 100 erc20-USDT | 10% | 10 USDT(100*10%) | 90% | 1 | 90 MDTu(100*1*90%) | 10 erc20-USDT + 90 MDTu | -| 1 ETH | 30% | 0.3 ETH(1*30%) | 70% | 1592 | 1114.4 MDTe(1*1592*70%) | 0.3 ETH + 1114.4 MDTe | -| 1 BTC | 90% | 0.9 BTC(1*90%) | 10% | 26569 | 2656.9 MDTb(1*26569*10%) | 0.9 BTC + 2656.9 MDTb | -| 100 BOX | 92.71% | 92.71 BOX(100*92.71%) | 7.29% | 0.11258467 MDTb + 0.1114918 MDTe | 11.258467 MDTb+11.14918 MDTe | 92.71 BOX + 11.258467 MDTb + 11.14918 MDTe | - -|| BOX was not a directly damaged asset, but BOX price composition includes ETH and BTC. After calculation, the lost 7.29% is replaced by corresponding MDT tokens, which means 1 BOX will contain 0.11258467 MDTb + 0.1114918 MDTe debt. \ No newline at end of file diff --git a/docs/zh/923/README.md b/docs/zh/923/README.md new file mode 100644 index 0000000..480bd48 --- /dev/null +++ b/docs/zh/923/README.md @@ -0,0 +1,114 @@ +--- +title: Mixin 923 黑客事件披露与进展 +description: Mixin 923 黑客事件披露与进展 +editLink: false +sidebar: false +article: true +lastUpdated: false +contributors: false +--- + +# Mixin 923 黑客事件披露与进展 + +(2024 年 3 月 12 日更新) + +## 事件说明 + +Mixin Network 于 2023 年 9 月 23 日遭受了黑客攻击,本次攻击主要资产为 ETH、BTC 和 USDT-ERC20,其他币有不同程度损失,三个主要黑客的地址: + +- [https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c](https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c) +- [https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes](https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes) +- [https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e](https://etherscan.io/address/0x3B5fb9d9da3546e9CE6E5AA3CCEca14C8D20041e) + +事件主要原因是因为黑客侵入了 Mixin 提现依赖的 Google 云服务并利用了一个程序漏洞构造了大量未授权的提现请求。 + +## 事件处理 + +### 调查追踪 + +发现大量异常提现后我们立刻停止了网络所有的充值和提现服务,其他措施包括: + +- 联系 Slowmist 等区块链安全公司进行链上追踪。 +- 聘请 Google Mandiant 团队协助调查黑客入侵 Google 云服务。 +- 公布 2 千万美金作为黑客归还资产奖励。 + +截止到目前,被盗的资产仍然在地址里没有转移,被入侵的原因仍然调查之中。 + +### 债务定损 + +经过统计和评估被盗资产、团队现有资金,与社区、大户和投资人的沟通,并考虑 Mixin 未来巨大的发展潜力,现公示如下: + +- Mixin 团队先利用现有资金针对不同受损币种资产覆盖部分或全部损失。 +- 未能覆盖损失的 BTC、ETH 和 USDT-ERC20 按被盗时美元价值固定折算成债务,总计 1.53 亿美元债务,Mixin 团队承诺将 100% 偿还这些债务。具体如下表格: + +| 币种 | 损失 | 定损价格 | 定损总量 | 举例 | +| ---------- | --- | ----------- | --------------- | ------------------------------------------------ | +| BTC | 10% | 26569 USD | 30,000,000 USD | 旧系统 1 BTC ⇒ 新系统 0.9 BTC + 2656.9 美元债务 | +| ETH | 70% | 1592.74 USD | 100,000,000 USD | 旧系统 1 ETH ⇒ 新系统 0.3 ETH + 1114.918 美元债务 | +| USDT-ERC20 | 90% | 1 USD | 23,000,000 USD | 旧系统 1 USDT-ERC20 ⇒ 新系统 0.1 USDT-ERC20 + 0.9 美元债务 | + +- 如果后续黑客还币,资产将归属于所有持有债务的用户。 + +### 债务领取 + +目前有 16,143 人登记了债务,其中 90% 已完成债务领取,债务不足 100 美元的用户可兑换 XIN 立刻获得偿还。 + +### 偿还计划 + +- 已登记债务的用户中 50% 用户已通过兑换 XIN 获得了立刻偿还。 +- 参与组建 Mixin Autonomous Organization,以 15 万 XIN (当前市值约为 4000 万美金)为基础发展 Mixin 生态、补偿债务持有人。 +- Mixin Safe、Mixin Wealth、Mixin Route 和 Mixin Messenger 一系列 Mixin 团队开发产品和投资所产生的收入 — — 除了保留团队开支和发展资金将全部用于偿还债务,详细的计划预计在 7-8 月份公布。 + +## 恢复进展 + +### 生态恢复进展 + +- Mixin Network 于 2023 年 10 月 27 日上线了新主网,平稳运行至今,节点收益正常发放。 +- Mixin Safe [https://safe.mixin.one](https://safe.mixin.one/) 完成第一个安全审计,新支持以太坊和 Polygon 网络,上线地址薄、共管人等功能,细节和流程做了大量优化。 +- Mixin Messenger 已支持所有主流币的充值和提现,自 923 以来已迭代超过 40 个版本,支持资产迁移、债务代币领取。 +- Mixin Route 法币购买功能已完全恢复。 +- ExinOne 和 ExinPool 相关的闪兑交易、挂单交易、定投、借贷和 Staking 功能已完全恢复。 +- Pando Swap 的交易、挂单交易、流动性管理功能已完全恢复。 +- BOX 社群、购买和赎回已完全恢复。 +- 去中心化的 web3 跨链支付协议 MixPay 已完全恢复。 +- BigONE 交易机器人挂单、量化、闪兑已完全恢复。 +- 第三方区块链浏览器 ViewBlock 已支持 Mixin 新主网数据展示。 + +### 网络资产提现恢复进展 + +| 区块链 | 状态 | 恢复时间 | +| ---------------- | --- | -------- | +| TRON | ✅ | 20231122 | +| Litecoin | ✅ | 20231213 | +| Dogecoin | ✅ | 20231214 | +| Bitcoin | ✅ | 20231215 | +| Polygon | ✅ | 20231218 | +| Ethereum | ✅ | 20231221 | +| MobileCoin | ✅ | 20231229 | +| BNB Smart Chain | ✅ | 20240101 | +| EOS | ✅ | 20240102 | +| Ripple | ✅ | 20240105 | +| Bitcoin SV | ✅ | 20240108 | +| Bitcoin Cash | ✅ | 20240108 | +| Dash | ✅ | 20240108 | +| Horizen | ✅ | 20240109 | +| Filecoin | ✅ | 20240112 | +| Monero | ✅ | 20240121 | +| Polkadot | ✅ | 20240125 | +| Siacoin | ✅ | 20240209 | +| Nervos | ✅ | 20240215 | +| Solana | ✅ | 20240216 | +| Toncoin | ✅ | 20240310 | +| Cosmos | 🚗 | | +| Arweave | 🚗 | | +| Aptos | 🚗 | | +| NEAR | 🚗 | | +| Avalanche | 🚗 | | +| Akash | 🚗 | | +| Algorand | 🚗 | | +| Kusama | 🚗 | | +| Stellar | 🚗 | | +| NEM | 🚗 | | +| Zcash | 🚗 | | +| Ethereum Classic | 🚗 | | +| Ravencoin | 🚗 | | \ No newline at end of file diff --git a/docs/zh/mdt/README.md b/docs/zh/mdt/README.md deleted file mode 100644 index 10b37b3..0000000 --- a/docs/zh/mdt/README.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Mixin Network 923 黑客事件披露以及偿还计划 -description: Mixin Network 923 黑客事件披露以及偿还计划 -editLink: false -sidebar: false -article: true -lastUpdated: false -contributors: false ---- - -## Mixin Network 923 黑客事件披露以及偿还计划 - -## 什么是 MDT 代币? - -MDT 代币是 Mixin Debt Token,即 Mixin 发行的债务代币,铆定美元价值。主要有三种:MDTu、MDTe 和 MDTb。分别代表了针对三种资产的债务:erc20-USDT、ETH 和 BTC。 - -## 为什么发行债务代币? - -Mixin 网络于 2023 年 9 月 23 日遭受了黑客攻击,本次攻击主要涉及资产为 erc20-USDT、ETH 和 BTC,折合当时价格约为 1.5 亿美元, **其他资产无碍**。经过数天数据统计和团队赔付能力评估,Mixin 无法按照币本位立刻赔付,只能以发行美元债务的方式,通过继续发展业务,用盈利来偿还。 - -## 为什么发行三种债务代币? - -尽管债务都是铆定 9 月 23 日零时美元价格,以美元计价,Mixin 会按照 erc20-usdt、ETH、BTC 三个顺序依次偿还。即优先偿还 MDTu,其次 MDTe 最后是 MDTb。 - -## 迁移时债务所占份额 - -当您升级 Mixin Messenger 到 1.5.0 版本或更高,钱包显示资产为 0,顶部有蓝色提示 **“您有未迁移的资产,请单击开始迁移”** 引导您操作资产从旧系统到新系统的迁移。 -||| 请注意,迁移是单向操作,一旦资产迁移至新系统,无法再回到旧系统中! -||| 您可以随时迁移资产至新系统,旧系统会一直同步运行。 - -当您迁移 erc20-USDT、ETH、BTC 和 BOX 时,会自动进入登记债务页面,此时页面会显示您旧系统中有的金额、您新系统中获得的数量和债务代币数量,确认无误后可以输入密码确认迁移操作。 - -其中,erc20-USDT 的债务占比 90%,ETH 债务占比 70%,BTC 债务占比 10%,BOX 债务占比 7.29%。我们通过下面的表格能更清晰的计算债务代币: - -| 旧钱包资产 | 新钱包获得比例 | 新系统获得代币(=旧钱包资产数量*新系统获得比例) | 债务比例 | 9 月 23 日零点对应代币价格(美元) | 新系统获得债务(=旧钱包资产数量 * 价格 * 债务比例)| 最终获得数量 | -| --- | --- | --- | --- | --- | --- | --- | -| 100 erc20-USDT | 10% | 10 USDT(100*10%) | 90% | 1 | 90 MDTu(100*1*90%) | 10 erc20-USDT + 90 MDTu | -| 1 ETH | 30% | 0.3 ETH(1*30%) | 70% | 1592 | 1114.4 MDTe(1*1592*70%) | 0.3 ETH + 1114.4 MDTe | -| 1 BTC | 90% | 0.9 BTC(1*90%) | 10% | 26569 | 2656.9 MDTb(1*26569*10%) | 0.9 BTC + 2656.9 MDTb | -| 100 BOX | 92.71% | 92.71 BOX(100*92.71%) | 7.29% | 0.11258467 MDTb + 0.1114918 MDTe | 11.258467 MDTb+11.14918 MDTe | 92.71 BOX + 11.258467 MDTb + 11.14918 MDTe | - -|| BOX 虽然不是直接受损资产,但是 BOX 的价格组成包含 ETH 和 BTC,经过计算之后,损失的 7.29% 由对应的 MDT 代币取代,也就是说 1 个 BOX 将含有 0.11258467 MDTb + 0.1114918 MDTe 债务。 \ No newline at end of file From 5a8e30e17ca145414c0427cd2eb1833feffcc84c Mon Sep 17 00:00:00 2001 From: over140 Date: Tue, 12 Mar 2024 18:01:36 +0400 Subject: [PATCH 3/3] Update doc --- docs/923/README.md | 129 +++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 63 deletions(-) diff --git a/docs/923/README.md b/docs/923/README.md index eaa0673..53abcfb 100644 --- a/docs/923/README.md +++ b/docs/923/README.md @@ -9,10 +9,12 @@ contributors: false --- # Mixin 923 Hacker Incident Disclosure and Progress + (Updated March 12, 2024) -## Incident Description -Mixin Network was attacked by hackers on September 23, 2023. The main assets targeted in this attack were ETH, BTC, and USDT-ERC20, with varying losses in other coins. The addresses of the three main hackers are: +## Incident Explanation + +Mixin Network experienced a hack attack on September 23, 2023. The main assets targeted in this attack were ETH, BTC, and USDT-ERC20, and other coins also suffered losses. The addresses associated with the three main hackers are as follows: - [https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c](https://etherscan.io/address/0x52e86988bd07447c596e9b0c7765f8500113104c) - [https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes](https://explorer.btc.com/btc/address/bc1qq7uefmz6nng5c4dzs9mwrxxyh9sxg5cjg85hes) @@ -20,52 +22,53 @@ Mixin Network was attacked by hackers on September 23, 2023. The main assets tar The primary cause of the incident was the hacker's penetration into the Google Cloud Services relied upon by Mixin for withdrawals, exploiting a software vulnerability to construct a large number of unauthorized withdrawal requests. -## Incident Response +## Incident Handling ### Investigation and Tracking - -Upon discovering a large number of abnormal withdrawals, we immediately halted all deposit and withdrawal services on the network. Other measures included: - + +Upon discovering a large number of abnormal withdrawals, we immediately halted all deposit and withdrawal services on the network. Other measures taken include: + - Contacting blockchain security companies like Slowmist for on-chain tracking. - Hiring the Google Mandiant team to assist in investigating the hack into Google Cloud Services. - Announcing a $20 million reward for the return of the stolen assets. - + As of now, the stolen assets remain in the addresses without being moved, and the cause of the breach is still under investigation. - + ### Debt Assessment - + After assessing the stolen assets, the team's existing funds, and communicating with the community, major holders, and investors, and considering Mixin's huge potential for future development, the following is announced: - + - The Mixin team will use existing funds to cover some or all losses for different affected coin types. - Losses in BTC, ETH, and USDT-ERC20 that cannot be covered will be converted into a fixed debt based on their dollar value at the time of theft, totaling $153 million in debt. The Mixin team commits to repaying 100% of this debt. The table below details this: - -| Coin | Loss | Assessment Price | Total Assessment | Example | -| --- | --- | --- | --- | --- | -| BTC | 10% | 26569 USD | 30,000,000 USD | Old system 1 BTC ⇒ New system 0.9 BTC + 2656.9 USD debt | -| ETH | 70% | 1592.74 USD | 100,000,000 USD | Old system 1 ETH ⇒ New system 0.3 ETH + 1114.918 USD debt | -| USDT-ERC20 | 90% | 1 USD | 23,000,000 USD | Old system 1 USDT-ERC20 ⇒ New system 0.1 USDT-ERC20 + 0.9 USD debt | -- If the hacker returns the assets in the future, they will belong to all users holding the debt. +| Coin | Loss | Assessment Price | Total Assessment | Example | +| ---------- | ---- | ---------------- | ---------------- | ------------------------------------------------------------------ | +| BTC | 10% | 26569 USD | 30,000,000 USD | Old system 1 BTC ⇒ New system 0.9 BTC + 2656.9 USD debt | +| ETH | 70% | 1592.74 USD | 100,000,000 USD | Old system 1 ETH ⇒ New system 0.3 ETH + 1114.918 USD debt | +| USDT-ERC20 | 90% | 1 USD | 23,000,000 USD | Old system 1 USDT-ERC20 ⇒ New system 0.1 USDT-ERC20 + 0.9 USD debt | + +- If the hacker returns the assets in the future, the assets will be distributed among all users holding the corresponding debt. ### Debt Claim - -Currently, 16,143 people have registered their debts, with 90% having completed the debt claim process. Users with debts under $100 can exchange XIN for immediate repayment. - + +Currently, 16,143 individuals have registered their debts, of which 90% having completed the debt claim process. Users with debts under $100 can exchange them for XIN for immediate repayment. + ### Repayment Plan -- 50% of users who have registered their debts have received immediate repayment through exchanging XIN. + +- 50% of users who have registered their debts have received immediate repayment through exchanging XIN tokens. - Participate in forming the Mixin Autonomous Organization, with 150,000 XIN (currently valued at approximately $40 million) as a basis to develop the Mixin ecosystem and compensate debt holders. - Income generated from a series of Mixin team-developed products and investments, such as Mixin Safe, Mixin Wealth, Mixin Route, and Mixin Messenger — apart from retaining team expenses and development funds — will be used entirely for debt repayment, with a detailed plan expected to be announced in July-August. - ## Recovery Progress ### Ecosystem Recovery Progress -- Mixin Network launched a new mainnet on October 27, 2023, which has been running smoothly since, with normal node earnings distribution. -- Mixin Safe https://safe.mixin.one completed its first security audit, newly supporting Ethereum and Polygon networks, launching address book, co-managers, and other features, with many details and processes significantly optimized. -- Mixin Messenger now supports deposits and withdrawals for all mainstream coins, having iterated over 40 versions since 923, supporting asset migration, and debt token collection. + +- Mixin Network launched a new mainnet on October 27, 2023, which has been running smoothly since then, with node rewards being distributed as usual. +- Mixin Safe https://safe.mixin.one completed its first security audit, newly supporting Ethereum and Polygon networks. It has also introduced features such as address book and co-managers, with significant optimizations made to details and processes. +- Mixin Messenger now supports deposits and withdrawals for all mainstream coins, having iterated over 40 versions since 923 incident, supporting asset migration, and debt token distribution. - Mixin Route's fiat purchase function has been fully restored. -- ExinOne and ExinPool related flash exchange transactions, order transactions, regular investments, loans, and Staking functions have been fully restored. -- Pando Swap's trading, order transactions, and liquidity management functions have been fully restored. +- ExinOne and ExinPool related flash trading, limited order trading, regular investments, loans, and Staking functions have been fully restored. +- Pando Swap's trading, limited order trading, and liquidity management functions have been fully restored. - BOX community, purchasing, and redemption have been fully restored. - The decentralized web3 cross-chain payment protocol MixPay has been fully restored. - BigONE's trading bot order, quantification, and flash exchange have been fully restored. @@ -73,39 +76,39 @@ Currently, 16,143 people have registered their debts, with 90% having completed ### Network Asset Withdrawal Recovery Progress -| Blockchain | Status | Recovery Date | -| --- | --- | --- | -| TRON | ✅ | 20231122 | -| Litecoin | ✅ | 20231213 | -| Dogecoin | ✅ | 20231214 | -| Bitcoin | ✅ | 20231215 | -| Polygon | ✅ | 20231218 | -| Ethereum | ✅ | 20231221 | -| MobileCoin | ✅ | 20231229 | -| BNB Smart Chain | ✅ | 20240101 | -| EOS | ✅ | 20240102 | -| Ripple | ✅ | 20240105 | -| Bitcoin SV | ✅ | 20240108 | -| Bitcoin Cash | ✅ | 20240108 | -| Dash | ✅ | 20240108 | -| Horizen | ✅ | 20240109 | -| Filecoin | ✅ | 20240112 | -| Monero | ✅ | 20240121 | -| Polkadot | ✅ | 20240125 | -| Siacoin | ✅ | 20240209 | -| Nervos | ✅ | 20240215 | -| Solana | ✅ | 20240216 | -| Toncoin | ✅ | 20240310 | -| Cosmos | 🚗 | | -| Arweave | 🚗 | | -| Aptos | 🚗 | | -| NEAR | 🚗 | | -| Avalanche | 🚗 | | -| Akash | 🚗 | | -| Algorand | 🚗 | | -| Kusama | 🚗 | | -| Stellar | 🚗 | | -| NEM | 🚗 | | -| Zcash | 🚗 | | -| Ethereum Classic | 🚗 | | -| Ravencoin | 🚗 | | \ No newline at end of file +| Blockchain | Status | Recovery Date | +| ---------------- | ------ | ------------- | +| TRON | ✅ | 20231122 | +| Litecoin | ✅ | 20231213 | +| Dogecoin | ✅ | 20231214 | +| Bitcoin | ✅ | 20231215 | +| Polygon | ✅ | 20231218 | +| Ethereum | ✅ | 20231221 | +| MobileCoin | ✅ | 20231229 | +| BNB Smart Chain | ✅ | 20240101 | +| EOS | ✅ | 20240102 | +| Ripple | ✅ | 20240105 | +| Bitcoin SV | ✅ | 20240108 | +| Bitcoin Cash | ✅ | 20240108 | +| Dash | ✅ | 20240108 | +| Horizen | ✅ | 20240109 | +| Filecoin | ✅ | 20240112 | +| Monero | ✅ | 20240121 | +| Polkadot | ✅ | 20240125 | +| Siacoin | ✅ | 20240209 | +| Nervos | ✅ | 20240215 | +| Solana | ✅ | 20240216 | +| Toncoin | ✅ | 20240310 | +| Cosmos | 🚗 | | +| Arweave | 🚗 | | +| Aptos | 🚗 | | +| NEAR | 🚗 | | +| Avalanche | 🚗 | | +| Akash | 🚗 | | +| Algorand | 🚗 | | +| Kusama | 🚗 | | +| Stellar | 🚗 | | +| NEM | 🚗 | | +| Zcash | 🚗 | | +| Ethereum Classic | 🚗 | | +| Ravencoin | 🚗 | | \ No newline at end of file