Pages:
Author

Topic: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution - page 2. (Read 1974 times)

legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange

That'll still be 10% of all user funds gone forever and really $20 million should not be the amount of bug bounty you give to someone. Even Theymos does not give out such huge amounts for bitcointalk security.

And if the hacker is an organized crime figure, it's no use pleading. It will fall on deaf ears.

A loss of $20 million is still 10 times less than $200 million.
If the hackers agree to such an offer, it probably means that they are not criminally responsible for this hack. Sounds fair.
At some point they will have to take this loss on themselves, obviously, The Mixin team believes that their platform is worth much more than $20 million, in this way, they want to take responsibility for the resulting damage.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org

That'll still be 10% of all user funds gone forever and really $20 million should not be the amount of bug bounty you give to someone. Even Theymos does not give out such huge amounts for bitcointalk security.

And if the hacker is an organized crime figure, it's no use pleading. It will fall on deaf ears.
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
I was not enthusiastic about the idea, and I saw that the system was complex and difficult to understand for the average user, let alone a beginner, but I was really surprised that there were 100 members who had conducted reviews for this service. I did not read any of them, and I do not know how they were able to understand these complexities.

But after 100 members participated in that review campaign, I began to believe that it was a good service and that the problem was me.
It wasn't really that complex, the set-up process was way long and annoying, that's all, once you were signed up, it was normal to use but nothing really attractive. The way messenger, wallet, key and other apps were connecting with each-other was definitely one of the worst one can see.


I too would not say that the process was difficult and if it really provided the purpose to safeguard your coins, then it's worth it, even if it is a lengthy process.

Also, remember if you make any air-gapped device / cold storage, the process is complicated to sign the transactions offline and all this other stuff. So, it is more about if the solution is trustworthy people are ready to spend the money and also spend the time learning it, unfortunately after this hack, no one should be using Mixin services anymore.  


legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
From what was said by the founder Feng Xiaodong[1] they lost 50% 100% of customers' money, but they would refund 50% through issuing bond tokens out of thin air for the victims to claim, and this bond tokens would be repurchased by the platform in the future. I don't think that's going to happen, and i believe Mixin network may be insolvent right now.
That sounds a lot like what a large exchange did in the past. Who's going to buy made up "bond tokens" of an insolvent company hoping they won't lose more money in the future?
Why is it so hard for you to understand that there are tons of people who will still buy it despite the fact that company is insolvent? Look, everything depends on how you lie to people and believe me, a lot of people will look at their bond tokens like the best opportunity to invest in an innovative (they will wrap their product as innovative and a lot of people will believe it) company. Mixin also will offer them best terms to attract as many people as possible to sell them.
It's easy, you and me won't buy it but billions of people will because people lack critical thinking. You know what? When people ask medical questions to google, they aren't looking for Mayoclinic links, they visit the first link that Google shows them and this first link can be a website of snake oil salesman.

Some will buy due to a "lack of critical thinking," while others will see it as a promising investment opportunity. People frequently profit from risky ventures; there's nothing new about it.

The way I see it, Mixin has three major institutional investors, including Blockchain R&I, LongMen Fund, and INBlockchain. Li Xiaolai, the owner of INBlockchain, alone reportedly has a net worth of around $3.5 billion. I doubt they'd be willing to let their investment go to waste so easily, regardless of the hack.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
From what was said by the founder Feng Xiaodong[1] they lost 50% 100% of customers' money, but they would refund 50% through issuing bond tokens out of thin air for the victims to claim, and this bond tokens would be repurchased by the platform in the future. I don't think that's going to happen, and i believe Mixin network may be insolvent right now.
That sounds a lot like what a large exchange did in the past. Who's going to buy made up "bond tokens" of an insolvent company hoping they won't lose more money in the future?
Why is it so hard for you to understand that there are tons of people who will still buy it despite the fact that company is insolvent? Look, everything depends on how you lie to people and believe me, a lot of people will look at their bond tokens like the best opportunity to invest in an innovative (they will wrap their product as innovative and a lot of people will believe it) company. Mixin also will offer them best terms to attract as many people as possible to sell them.
It's easy, you and me won't buy it but billions of people will because people lack critical thinking. You know what? When people ask medical questions to google, they aren't looking for Mayoclinic links, they visit the first link that Google shows them and this first link can be a website of snake oil salesman.

I was not enthusiastic about the idea, and I saw that the system was complex and difficult to understand for the average user, let alone a beginner, but I was really surprised that there were 100 members who had conducted reviews for this service. I did not read any of them, and I do not know how they were able to understand these complexities.

But after 100 members participated in that review campaign, I began to believe that it was a good service and that the problem was me.
It wasn't really that complex, the set-up process was way long and annoying, that's all, once you were signed up, it was normal to use but nothing really attractive. The way messenger, wallet, key and other apps were connecting with each-other was definitely one of the worst one can see.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

As far as I've seen, only Mixin Network is mentioned and within that, there are different groups of services. Mixin Safe, MixPay, Mixin Wallet, Mixin Messenger maybe something else. Apart from the statement "Mixin Network's cloud service provider was attacked by hackers", I have not seen anything more detailed about which part was the subject of the attack

Yeah they all definitely belong to the same person/entity. It's yet unclear though which part of their network got hit or which app had the vulnerability which lead to such a tragic outcome. I also haven't seen any official press release or statement by Mixin group employees. Mixin Safe was in beta I believe but still they will at least have to change name/rebrand if they're planning to develop it further.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.

As far as I've seen, only Mixin Network is mentioned and within that, there are different groups of services. Mixin Safe, MixPay, Mixin Wallet, Mixin Messenger maybe something else. Apart from the statement "Mixin Network's cloud service provider was attacked by hackers", I have not seen anything more detailed about which part was the subject of the attack
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I've seen several incorrect posts by now. To be clear: Mixin lost $200M, not Mixin Safe.
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
Of course, they are not trustworthy now! I was talking about the time when forum members were doing those reviews. At that point, there was no way for people to predict this or uncover security flaws from their end.

Well no one would have thought that things would turn out like this but hey wait, even though the members and the users who use this service didn't anticipate this, the Mixin Safe owners did put a warning message every time you logged in the mixin safe.



Here they clearly state that do not store $1000 of your assets in here, so if all the users follow this, not a single individual loss should be greater than 1000$.
legendary
Activity: 2702
Merit: 4002
Even though those 100 users who review their service did not continue to use it afterwards but everyone of them (expect a few) review their service top notch and excellent  Huh

If the Mixin Safe Service was not trustable, had flaws then why people did not highlight in the review ? I must say it is a wrong behavior for most of the reviewers to review "Good" only (Maybe they got the money from the company so its hard to say bad words about them)

I was not enthusiastic about the idea, and I saw that the system was complex and difficult to understand for the average user, let alone a beginner, but I was really surprised that there were 100 members who had conducted reviews for this service. I did not read any of them, and I do not know how they were able to understand these complexities.

But after 100 members participated in that review campaign, I began to believe that it was a good service and that the problem was me.

Personally, I do not like miniscript, and with the limited number of wallets that support this technology, recent ledger miniscript vulnerability[1], Ledger Recovery[2], and their price policies[3], I expect that the number of users for this service will be very few and limited, and thus achieving a return from it will be difficult. .....
I honestly don't know but I think it is hard to find 100 BTT account can join to the review campaign,

I am still surprised that customer deposits reach one million dollars. not $200 million
sr. member
Activity: 1022
Merit: 280
You're overlooking Mixin Messenger, which comes with an integrated crypto wallet and supposedly has over million users. Like I mentioned earlier, we don't have confirmation that the Mixin Safe service is part of the hack.

Correct me if i am wrong. Mixin Safe is actually a Wallet, a sort of MultiSig wallet where you need two keys to spend the funds and one of the key is stored with the Mixin team themselves and it is time locked.

My concern is that It was not an exchange where funds are sorted and hacker access them, It is only a wallet and it was decentralized too (private keys with the users only) (don't know if it was open or closed source), so this means that hacker managed to get all the private keys?  In theory, that is impossible  Huh
legendary
Activity: 2268
Merit: 18771
I don't think that's going to happen, and i believe Mixin network may be insolvent right now.
They are 100% insolvent right now:

In the article I linked to above, the CEO said that only half of users' deposits would be unaffected. So yes, users' funds have been lost, and Mixin Network are now insolvent.

Insolvent simply means they are unable to pay all their debts. If they can only afford to cover 50% of the losses, then it means they do not have enough to pay all their customers all the money they are owed. They cannot pay their debts, and therefore they are insolvent.

That sounds a lot like what a large exchange did in the past. Who's going to buy made up "bond tokens" of an insolvent company hoping they won't lose more money in the future?
It worked for Bitfinex. The only reason their centralized shitcoin UNUS SED LEO even exists was to bail them out after they were hacked for 100,000+ bitcoin back in 2016. And today it has a market cap of over $3 billion. Bitfinex have of course suffered further hacks since then, but now they just print more Tether out of thin air to cover up their losses instead of launching more shitcoins. And I don't need to tell you just how widespread Tether is.

There is no shortage of people who will buy whatever centralized shitcoin Mixin create to bail themselves out.
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
And who's saying that Mixin wasn't trustworthy? I'm not defending, but as far as we know, they got hacked
The fact that they kept $200 million of other people's money in a hot wallet is what makes them not trustworthy. If a bank loses their customers' money, I don't trust them. The same goes for any other company.

Of course, they are not trustworthy now! I was talking about the time when forum members were doing those reviews. At that point, there was no way for people to predict this or uncover security flaws from their end.

My point: it was a custodial service, and custodial services get hacked all the time. Losing your funds is undeniably terrible, and I sympathize with those who are affected. However, some of the responsibility also rests with the users themselves. Why do we keep repeating "not your keys..." here?



Almost all reviews pointed to the complexity of using the Mixin service. At the same time, we are talking about the users of this forum, who are mostly familiar with Bitcoin transactions. Although it was not realistic for many testers from the forum that someone would use this service, nevertheless, they held more than $200 million

It was a different service. Mixin Safe has been reviewed by users on this forum. However, from what I understand, Mixin Safe hasn't actually been hacked. On the other hand, Mixin Messenger (which includes an integrated crypto wallet) had over a million users. My hunch is that the wallet that got hacked is linked to their custodial wallet service within Mixin Messenger.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
As far as I know, they only recently came to the forum and most of the forum users heard about them for the first time then. It is certainly still new to Bitcointalkers.
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.

Aside from pricing which i find rather high (especially because i live on developing country), i got stuck few times (either due to bug or mistake on their guide) when i attempt to move my Bitcoin through few means. So i wouldn't be surprised if nobody continue to use the service.

Almost all reviews pointed to the complexity of using the Mixin service. At the same time, we are talking about the users of this forum, who are mostly familiar with Bitcoin transactions. Although it was not realistic for many testers from the forum that someone would use this service, nevertheless, they held more than $200 million
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Even though those 100 users who review their service did not continue to use it afterwards but everyone of them (expect a few) review their service top notch and excellent  Huh

If the Mixin Safe Service was not trustable, had flaws then why people did not highlight in the review ? I must say it is a wrong behavior for most of the reviewers to review "Good" only (Maybe they got the money from the company so its hard to say bad words about them)

We couldn't review the service backend. That's where they got hacked.

From what was said by the founder Feng Xiaodong[1] they lost 50% 100% of customers' money, but they would refund 50% through issuing bond tokens out of thin air for the victims to claim, and this bond tokens would be repurchased by the platform in the future. I don't think that's going to happen, and i believe Mixin network may be insolvent right now.

If they lost all of the money and not just half of it, that's even worse. It means that all of those authentication systems that were meant to keep crooks out of user accounts were bypassed and they went through the back door.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
And who's saying that Mixin wasn't trustworthy? I'm not defending, but as far as we know, they got hacked
The fact that they kept $200 million of other people's money in a hot wallet is what makes them not trustworthy. If a bank loses their customers' money, I don't trust them. The same goes for any other company.

From what was said by the founder Feng Xiaodong[1] they lost 50% 100% of customers' money, but they would refund 50% through issuing bond tokens out of thin air for the victims to claim, and this bond tokens would be repurchased by the platform in the future. I don't think that's going to happen, and i believe Mixin network may be insolvent right now.
That sounds a lot like what a large exchange did in the past. Who's going to buy made up "bond tokens" of an insolvent company hoping they won't lose more money in the future?
legendary
Activity: 994
Merit: 1089
I mean, let's use some common sense here. If the company itself wasn't aware of the security flaw that ultimately led to the hack, how in the world could the end users have possibly known about it?
The company should have known that anything stored online is prone to hacking, and how do they keep keys of that amount of money online, in the cloud. I agree that the users who did the review didn't know about this flaw anyway, if not anyone who knows what they are doing would have written about it. The major issues or flaws raised by many reviewers during the review campaign was ambiguity, zero privacy and that the service was custodial, and i think that is enough for anyone who wants to make up their mind about using the service or not through reading reviews made.
And who's saying that Mixin wasn't trustworthy? I'm not defending, but as far as we know, they got hacked; it's not like they made off with their users' funds in some sort of scam.
I am not accusing them of a rug-pull either, but we don't know if they were hacked or not, they told us that they were hacked and there is no way for us to verify that information.
Like I mentioned earlier, we don't have confirmation that the Mixin Safe service is part of the hack.
From what was said by the founder Feng Xiaodong[1] they lost 50% 100% of customers' money, but they would refund 50% through issuing bond tokens out of thin air for the victims to claim, and this bond tokens would be repurchased by the platform in the future. I don't think that's going to happen, and i believe Mixin network may be insolvent right now.

[1] https://www.cryptotimes.io/mixin-network-founder-admits-50-assets-are-safe/
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange

But there is a thing that I think about, first of all I couldn't imagine if it was that easy to hack them when users were pushed to had multiple security layouts and then, how were there so many users using this complicated platform? It's too complicated to be used by hundreds of thousands of people.

You're overlooking Mixin Messenger, which comes with an integrated crypto wallet and supposedly has over million users. Like I mentioned earlier, we don't have confirmation that the Mixin Safe service is part of the hack.

Mixin is evidently a sizable company, and their services have gained popularity in Asia. Just because we might not be familiar with it doesn't mean it can't have millions of users in the Asian market.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.
I saw no reason to use this after my review. TL;DR: The privacy policy is a nightmare, the 6 digit PIN security is questionable, the withdrawal fees are very high (50 to 8800 times the on-chain fee), the overall feeling was confusing. The claims (1 million dollar transaction volume on average from each of the 1 million users) unbelievable. Lots of buzz words, but no information on how to recover funds. I don't want social contacts for emergencies. Even normal withdrawals were very complicated, and after testing the whole thing feels custodial.

I see no reason why anyone would ever use this:
From all the reviews I've done, this one was by far the furthest out of my comfort zone. I had no idea what I was doing when I started. I can only imagine this is worse for Bitcoin newbies.
We all agree that Mixin was a very complicate to use and from the first use, I truly thought that since this service was too complicated and had many security steps, it would actually be one of the most secure platform. The setup process was too complicated, especially for a newbie but after that, it was okay, still, they could structure their web architect in a better way to make one major platform instead of three one. But there is a thing that I think about, first of all I couldn't imagine if it was that easy to hack them when users were pushed to had multiple security layouts and then, how were there so many users using this complicated platform? It's too complicated to be used by hundreds of thousands of people.
Pages:
Jump to: