Mixin Network temporarily suspended services after the attack caused more than 200 million USD in damage
On the morning of September 25, Mixin Network recorded heavy losses when hackers "blew away" more than 200 million USD. This became the most serious hack in the Crypto industry in 2023, surpassing Euler Finance's loss of 197 million USD in March or Multichain lost 128 million USD in July.
The discovered vulnerability is related to cloud service provider Google. Currently, Mixin has temporarily suspended the deposit and withdrawal feature to protect user assets. The project founder will have a live session at 12 noon today to present the incident and announce the solution to handle the stolen assets.
Mixin Network is a blockchain project that allows users to trade and transfer cross- chain assets between 44 different blockchains. Damage of more than 200 million USD this morning accounts for 57% of the project TVL (equivalent to 350 million USD). XIN Token price dropped 7% after the news.
Vitalik Buterin continues to transfer another 400 ETH to Coinbase
Vitalik Buterin 's related wallet was discovered to have transferred an additional 400 ETH (equivalent to 632,000 USD) to Coinbase on the morning of September 25. This transfer has brought the total number of ETH Token sent by Ethereum founder to Coinbase to 1000 ETH, after the first transfer of 600 ETH about 1 month ago.
Over the past month, Vitalik has also made many transactions to transfer ETH to exchanges:
- September 19: Vitalik sent 300 ETH to Kraken
- September 12: Vitalik transferred 2000 ETH to Bitstamp
- August 21: Vitalik transferred 600 ETH to Coinbase
Up to now, it can be seen that the father of Ethereum is gradually allocating assets to CEX exchanges such as Coinbase, Kraken and Bitstamp, and Vitalik's main motive for "collecting assets" to transfer to these exchanges has not yet been determined. clarify.
OpenSea exposes users' API keys
Market leader Non-Fungible Token marketplace OpenSea has placed a warning, requiring users to immediately change their API keys, following a security incident from a third party.
The company notes that the security incident will affect any program that uses OpenSea API keys. Exposing the key can expose users to attacks as well as affect the command processing speed of applications using OpenSea's API keys. Therefore, the platform plans to discontinue existing keys before October 2, according to the email announcement.
To date, OpenSea has not announced how many users are affected by the incident or what information other than the API key has been leaked.
This is not the first time OpenSea has encountered security challenges. Last year, the platform suffered a large-scale leak of customer email addresses, due to employee errors while working with email partner Customer.io. These types of agreements are often vulnerabilities that hackers keep an eye on.
Upbit - Korea's largest crypto exchange allows users to deposit fake Aptos (APT).
Korea's largest cryptocurrency exchange, Upbit , had to issue a notice on September 24 to stop depositing and withdrawing Aptos (APT) because of the negligence of the floor management team.
Specifically, it seems that Upbit made an error in the Token authentication process, leading to the recognition of a coin impersonating APT as real money and allowing users to deposit it on the exchange. The exchange's system still records fake coins as real assets and allows trading for other assets.
Next, a large amount of fake APT were uploaded to the exchange, sold for money and then withdrawn from Upbit. Wu Blockchain sources confirmed that 95 million USD of fake Aptos were loaded into more than 380,000 addresses on Upbit, causing the trading Volume on the exchange to increase from 260,000 APT on September 23 to 14.91 million APT on September 14. 09.
Upbit is calling on users who deposited fake coins to return their money. Otherwise, the exchange will take legal action. It is still unclear when Upbit made the mistake of recognizing the fake APT , as well as the account number involved in the incident.
