Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution

FatFork

legendary

Activity: 1568

Merit: 2581

Top Crypto Casino

Quote from: Igebotz on October 07, 2023, 04:48:10 PM

Quote from: FatFork on October 02, 2023, 11:20:38 AM

Quote from: Igebotz on October 02, 2023, 09:18:26 AM

The CEO stated that the timelock will only expire if the vulnerabilities are found and fixed

Where did you read such statement? Honestly, all I've read is that they stated their services will be reopened "once the vulnerabilities are confirmed and fixed". That makes sense.

Lol Tell us more, it seems you know more than the rest of us - You're merely reading the lines, whereas I'm deciphering the meaning.

Keep your socks on, I'm not here to defend Mixin or anything, and I don't work for them either. I'm just sharing the info I come across. You said, "The CEO stated..." and I simply asked, "Where did you read such a statement?"

Also, you mentioned "timelock," so I assume you're referring to Mixin Safe. It's already been said multiple times in this thread - it's a different service! The Mixin Safe service has never been suspended or affected by the hack, as far as I know. If you have different information, please share.

To quote LoyceV:

Quote from: LoyceV on September 27, 2023, 12:34:39 PM

I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

Igebotz

staff

Activity: 1316

Merit: 1610

The Naija & BSFL Sherrif 📛

Quote from: FatFork on October 02, 2023, 11:20:38 AM

Quote from: Igebotz on October 02, 2023, 09:18:26 AM

The CEO stated that the timelock will only expire if the vulnerabilities are found and fixed

Where did you read such statement? Honestly, all I've read is that they stated their services will be reopened "once the vulnerabilities are confirmed and fixed". That makes sense.

Lol Tell us more, it seems you know more than the rest of us - You're merely reading the lines, whereas I'm deciphering the meaning. They're not going to compensate anyone, and the only thing you'll probably see in your balance are some shady tokens. No way the owner compensating anyone out of his own pocket..

These days when an entity get hacked both the owners and the customers bears the loss, no fund insurance policy.

stompix

legendary

Activity: 2828

Merit: 6108

Jambler.io

Quote from: FatFork on October 02, 2023, 11:20:38 AM

I don't know where Igebotz got that from, but I don't think that's true. According to media reports, during a live briefing on September 25th, Mixin's founder, Xiaodong Feng, stated that they would compensate users "up to 50%" for the stolen assets, with the remainder being distributed to users as "tokenized liability claims" that Mixin would eventually repurchase "with its future profits".

lol, "compensate" ?
I love how they always use stupid wording like this, trying to pose like they are in control, they are the ones taking the hit, and they will suffer one century in pain but will make everything up for their customers!

It's no compensation, compensation is when you take something and give something in return, this is just taking half of the money away!
Imagine how a robber would testify in court and argue that he took only one TV and the jewelry so has already compensated the victim by letting him have his fridge and socks!!!

https://twitter.com/MixinKernel/status/1709869557287178402

Quote

After statistical analysis, the affected assets in this incident were mainly ERC20-USDT, ETH, and BTC. Other assets were not affected. The specific compensation details are still under discussion. Please stay tuned for updates on the progress of this incident. In order to improve the Network and provide more secure services, after a week of rigorous evaluation, we will make the following updates to the Mixin Network:

again, lol

Quote

1. Release a new system based on Mixin Safe to enhance network security. The new system is expected to go online in 3-4 weeks. After another 2 weeks of system inspection, deposit and withdrawal functions can be opened.

deposits and withdrawals, quite optimistic, I am willing to bet on a 1000:1 ratio between the two

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: digaran on October 06, 2023, 05:17:23 AM

Why would anyone use a third party to hold their keys? And this was supposed to be what exactly, an easy target for "hackers"? By the time people realize not to trust their money with none other than banks, I'd be long gone, universe would be long gone, meaning people will continue to do this.

The bank is also a third party, and they control your money when you trust them with it, take note that banks are also involved in fractional reserve scam. Nevertheless, the banking system is a more established institution than centralized exchanges or crypto businesses like mixin network, so your money is probably safer in a bank than with such services.

Quote from: digaran on October 06, 2023, 05:17:23 AM

Bitcoin is a currency and a bank, if you want to give your funds to third parties for whatever reason, give them to banks and if banks don't offer such services, maybe they have a good reason.

BTC is not a bank, when you use BTC you ought to be the bank yourself and hold your own keys. If you want self custody of your money, store your keys yourself, not your keys, not your coins.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Why would anyone use a third party to hold their keys? And this was supposed to be what exactly, an easy target for "hackers"? By the time people realize not to trust their money with none other than banks, I'd be long gone, universe would be long gone, meaning people will continue to do this. Bitcoin is a currency and a bank, if you want to give your funds to third parties for whatever reason, give them to banks and if banks don't offer such services, maybe they have a good reason.

This will keep on happening as it has several times in the past, simply because they don't want to listen to the warnings.

Synchronice

hero member

Activity: 854

Merit: 772

Watch Bitcoin Documentary - https://t.ly/v0Nim

Quote from: NotATether on September 28, 2023, 12:39:42 PM

Quote from: Josefjix on September 28, 2023, 08:46:59 AM

Mixin CEO Begs Hackers To Return Funds and Take $20m as bug rewards

That'll still be 10% of all user funds gone forever and really $20 million should not be the amount of bug bounty you give to someone. Even Theymos does not give out such huge amounts for bitcointalk security.

And if the hacker is an organized crime figure, it's no use pleading. It will fall on deaf ears.

I think they already sense that they won't be able to find hackers, seize money and get it back, so, instead of 100% financial loss they try to negotiate with hackers to make it 10% financial lose with the hope that hackers will get scared, return 90% of stolen money, prioritize their safety and walk away with $20 million. But I guess this is a lure and the chase of hackers will not stop after this deal (recent example: Putin and Prigozhin). So, personally I think that hackers will refund nothing, probably knew what they were doing and life will continue.

FatFork

legendary

Activity: 1568

Merit: 2581

Top Crypto Casino

Quote from: Igebotz on October 02, 2023, 09:18:26 AM

The CEO stated that the timelock will only expire if the vulnerabilities are found and fixed

Where did you read such statement? Honestly, all I've read is that they stated their services will be reopened "once the vulnerabilities are confirmed and fixed". That makes sense.

Quote from: LoyceV on October 02, 2023, 09:59:04 AM

Quote

in other words, users can only get their funds back if the hackers refund some of the money, which I doubt will happen.

In which jurisdiction is this even legal? Shouldn't they file for bankruptcy if they're insolvent, isn't that the legal way to handle this?

I don't know where Igebotz got that from, but I don't think that's true. According to media reports, during a live briefing on September 25th, Mixin's founder, Xiaodong Feng, stated that they would compensate users "up to 50%" for the stolen assets, with the remainder being distributed to users as "tokenized liability claims" that Mixin would eventually repurchase "with its future profits".

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Igebotz on October 02, 2023, 09:18:26 AM

The CEO stated that the timelock will only expire if the vulnerabilities are found and fixed

I admit I don't understand the technical details of how it works, and it was quite complicated, but my assumption was that the timelock is something that can't be changed once it's set. I assumed it was based on cryptography, but judging by your comment it's completely centralized.
That confirms what I knew already: don't trust things you don't understand

It reminds me of the "ETH DAO smart contract" where the only person who understood how it works was called "the attacker".
Keep it simple, keep your own keys

Quote

in other words, users can only get their funds back if the hackers refund some of the money, which I doubt will happen.

In which jurisdiction is this even legal? Shouldn't they file for bankruptcy if they're insolvent, isn't that the legal way to handle this?

Igebotz

staff

Activity: 1316

Merit: 1610

The Naija & BSFL Sherrif 📛

Quote from: LoyceV on October 02, 2023, 07:31:17 AM

Quote from: Igebotz on October 01, 2023, 04:07:42 PM

Nope! This is the pop up message!

"Server under maintenance "

The promise was for you to be able to recover your funds after a timelock expires, but they didn't explain how to do it. Even worse: if it's set up the way I think it is, they too would be able to have 2 out of 3 keys by the time the timelock expires.

The CEO stated that the timelock will only expire if the vulnerabilities are found and fixed - in other words, users can only get their funds back if the hackers refund some of the money, which I doubt will happen. This will culminate in the creation of some form of debt token that will be distributed to users in order to compensate for loss.

Particia EX did precisely that when they got hacked last year.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Igebotz on October 01, 2023, 04:07:42 PM

Nope! This is the pop up message!

"Server under maintenance "

The promise was for you to be able to recover your funds after a timelock expires, but they didn't explain how to do it. Even worse: if it's set up the way I think it is, they too would be able to have 2 out of 3 keys by the time the timelock expires.

Igebotz

staff

Activity: 1316

Merit: 1610

The Naija & BSFL Sherrif 📛

Quote from: o_e_l_e_o on October 01, 2023, 01:58:11 PM

Quote from: Igebotz on September 29, 2023, 09:21:07 AM

Until now my little Bitcoin left in my Mixin messager is still reflectiing with no option to withdraw. I'm 100% sure what I have there is just virtual numbers.

Ps: coins left after the review.

So you can confirm that it is currently impossible to withdraw coins from this apparent "decentralized, non-custodial" Mixing Safe?

Nope! This is the pop up message!

"Server under maintenance "

It's still a wonder to me how an unknown entity can have $200 million in a hot wallet when even the largest exchanges don't have that much in a hot wallet. Wasn't the project in beta, and deposits of more over $1000 were not allowed? Well wish them the best.

Stalker22

legendary

Activity: 1484

Merit: 1355

Quote from: o_e_l_e_o on October 01, 2023, 01:58:11 PM

Quote from: Igebotz on September 29, 2023, 09:21:07 AM

Until now my little Bitcoin left in my Mixin messager is still reflectiing with no option to withdraw. I'm 100% sure what I have there is just virtual numbers.

Ps: coins left after the review.

So you can confirm that it is currently impossible to withdraw coins from this apparent "decentralized, non-custodial" Mixing Safe?
~

Mixin Wallet is integrated into the Mixin Messenger App. Mixin Safe is a standalone service. I remember that, when I was doing the review, those two services were not connected to each other. I had to make a deposit from Mixin Messenger to Mixin Safe and then transfer the coins back.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: Igebotz on September 29, 2023, 09:21:07 AM

Until now my little Bitcoin left in my Mixin messager is still reflectiing with no option to withdraw. I'm 100% sure what I have there is just virtual numbers.

Ps: coins left after the review.

So you can confirm that it is currently impossible to withdraw coins from this apparent "decentralized, non-custodial" Mixing Safe?

So I take it they never released this tool they promised to release after I identified this big red flag?

Quote from: o_e_l_e_o on July 21, 2023, 08:28:13 AM

It will also be beyond their skill set to recover their coins if your service disappears, and that's a very dangerous situation to be in. And you are not incentivized to release a tool to allow them to do so, since then they can easily bypass your pricing model.

Quote from: cedricfung on July 21, 2023, 05:36:26 AM

the plan is not to let the users develop software, it's to provide another software to help them. A decentralized system allows a new software to do the job, unlike a centralized system rug.

You are essentially hoping that some unknown developer will be kind enough to develop a tool to allow users to recover their coins, for free, in their own time. That's a big assumption.

stompix

legendary

Activity: 2828

Merit: 6108

Jambler.io

Quote from: NotATether on September 28, 2023, 12:39:42 PM

That'll still be 10% of all user funds gone forever and really $20 million should not be the amount of bug bounty you give to someone. Even Theymos does not give out such huge amounts for bitcointalk security.

Think the other way around.
You don't spend 20 million, you get back 180 millions, even half of it and you're still from this moment gaining 100 million to your balances!

There is one thing I'm surprised about and it's indeed strange for me I'm the only one thinking this, but isn't it a bit weird that indeed they had this huge amount of funds around? For a service that really went big in the last years and was a bit unattractive to the masses for its complexity, I'm quite amazed of the amounts stolen. We have exchanges that didn't have that much on balances in their life so and it's a different type of business altogether.

Anyhow, reading this topic now, some of those quoted aged worse than bull milk!

Igebotz

staff

Activity: 1316

Merit: 1610

The Naija & BSFL Sherrif 📛

Quote from: LoyceV on September 29, 2023, 06:46:04 AM

Quote from: Z-tight on September 29, 2023, 06:29:43 AM

Why wouldn't it be affected by the hack since it is custodial

Sorry, I forgot the word "non"-custodial. I've edited my post.

Quote

there is no private key or seed phrase to any "safe vault" that you create.

That's the shitty part indeed, and it's what makes it really hard to believe it's non-custodial. The user doesn't have much more than a phone number and 6 digit PIN to recover their funds, and they didn't say how you can recover it.

This is how;

"You will be asked periodically to help you remember it."

Until now my little Bitcoin left in my Mixin messager is still reflectiing with no option to withdraw. I'm 100% sure what I have there is just virtual numbers.

Ps: coins left after the review.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Z-tight on September 29, 2023, 06:29:43 AM

Why wouldn't it be affected by the hack since it is custodial

Sorry, I forgot the word "non"-custodial. I've edited my post.

Quote

there is no private key or seed phrase to any "safe vault" that you create.

That's the shitty part indeed, and it's what makes it really hard to believe it's non-custodial. The user doesn't have much more than a phone number and 6 digit PIN to recover their funds, and they didn't say how you can recover it.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: LoyceV on September 29, 2023, 04:00:11 AM

The difference is that Mixin Safe is supposed to be custodial. If that's true (which I haven't been able to verify) it shouldn't be affected by the hack.

Why wouldn't it be affected by the hack since it is custodial and the Mixin network holds the keys and obviously stores them in the cloud? Mixin safe is custodial that's for sure, there is no private key or seed phrase to any "safe vault" that you create.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: dkbit98 on September 28, 2023, 05:56:57 PM

Quote from: LoyceV on September 27, 2023, 12:34:39 PM

I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

Product is different, but company and owners are obviously the same.

The difference is that Mixin Safe is supposed to be non-custodial. If that's true (which I haven't been able to verify) it shouldn't be affected by the hack.

FatFork

legendary

Activity: 1568

Merit: 2581

Top Crypto Casino

Quote from: dkbit98 on September 28, 2023, 05:56:57 PM

Quote from: LoyceV on September 27, 2023, 12:34:39 PM

I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

Product is different, but company and owners are obviously the same.
If micr0s0ft or apple get hacked and lost all their money it will affect all of their products.

True, the company is still responsible for the hack and the loss of money. It's just that some people mistakenly associate this incident with the Mixin Safe service, which, if I'm not mistaken, is still in beta and not that widely used.

Quote from: dkbit98 on September 28, 2023, 05:56:57 PM

It was a good idea for some people that used temp phone numbers afterall Wink

No doubt about it. I would always use a fake phone number for things like that if I could.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: FatFork on September 27, 2023, 07:21:51 AM

It was a different service. Mixin Safe has been reviewed by users on this forum. However, from what I understand, Mixin Safe hasn't actually been hacked. On the other hand, Mixin Messenger (which includes an integrated crypto wallet) had over a million users. My hunch is that the wallet that got hacked is linked to their custodial wallet service within Mixin Messenger.

Mixin Messenger was the part of review because many people used it in combination with Mixin Safe as part of their multisig setup, including me, this was clearly mentioned in official campaign rules.
They just forked open source Signal messenger and added centralized coin storing that was connected with cloud service.
I probably still have keys somewhere but I didn't run Messenger to see if it's even working now.

Quote from: LoyceV on September 27, 2023, 12:34:39 PM

I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

Product is different, but company and owners are obviously the same.
If micr0s0ft or apple get hacked and lost all their money it will affect all of their products.

Quote from: AB de Royse777 on July 18, 2023, 04:59:52 PM

- Prepare Members Wallet: Get Mixin Messenger
- Set Mixin Messenger PIN
- Add Mixin Messenger Contacts: Please ask all safe members to add each other as a contact in Mixin Messenger, including yourself.

- To active Mixin Messenger, you can use a throwaway phone number

It was a good idea for some people that used temp phone numbers afterall Wink

Topic: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution (Read 1843 times)