
Topic: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution - page 3. (Read 1947 times)

legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
As far as I know, they only recently came to the forum and most of the forum users heard about them for the first time then. It is certainly still new to Bitcointalkers.
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.

Even though those 100 users who reviewed their service did not continue to use it afterwards, every one of them (except a few) reviewed their service as top notch and excellent.

If the Mixin Safe service was not trustable and had flaws, then why did people not highlight them in the review? I must say it is wrong behavior for most of the reviewers to review "Good" only (maybe they got the money from the company, so it's hard to say bad words about them).

I didn't personally take part in the review campaign, but I did read some of those reviews from several reputable members. I didn't find anything particularly bad about them, and most review campaigns tend to be that way.

You should understand that these reviews are coming from regular users, not security wizards doing expert-level audits. They usually focus on the user experience, how things feel, and not so much on digging out potential flaws or security loopholes that hackers could exploit. I mean, let's use some common sense here. If the company itself wasn't aware of the security flaw that ultimately led to the hack, how in the world could the end users have possibly known about it?

And who's saying that Mixin wasn't trustworthy? I'm not defending, but as far as we know, they got hacked; it's not like they made off with their users' funds in some sort of scam. Besides, the review campaign focused on a specific service the company provides, Mixin Safe. However, as far as I can tell, it's just one of the newer additions within the broader Mixin ecosystem. We don't know that this specific segment has been compromised in the hack.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Even though those 100 users who reviewed their service did not continue to use it afterwards, every one of them (except a few) reviewed their service as top notch and excellent.
Many paid reviews are like that. It's so obvious when reading those reviews.
sr. member
Activity: 1022
Merit: 280
As far as I know, they only recently came to the forum and most of the forum users heard about them for the first time then. It is certainly still new to Bitcointalkers.
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.

Even though those 100 users who reviewed their service did not continue to use it afterwards, every one of them (except a few) reviewed their service as top notch and excellent.

If the Mixin Safe service was not trustable and had flaws, then why did people not highlight them in the review? I must say it is wrong behavior for most of the reviewers to review "Good" only (maybe they got the money from the company, so it's hard to say bad words about them).
legendary
Activity: 2212
Merit: 7064
I am looking to see the announcement by the Mixin team. These are the kind of experiences that make a project stronger.
I understand you are wearing their signature and you worry only about your payment, but your comment is nothing else than a pathetic excuse.

Is the 200 million customers’ money? Are people serious about saving all this service?
We don't know any details until they release it, but I remember when I was testing their service I found out that wallets that hold coins are centralized.
I am not surprised that a hack like this happened, but I am really surprised by the amount of money they lost; $200 million would seriously affect even the biggest centralized exchanges.

This is what I wrote in my Mixin review:
I really don't understand the exact purpose of so many complications for beta software that can hold a maximum of $1000 with the risk of losing it all because of some bugs.
https://bitcointalksearch.org/topic/m.62661917

PS
Not your keys, not your coins, and stick to good old multisig setup.



staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
Also, does someone want to explain how a "decentralized network" can have a single centralized database stored on Google's servers?
Isn't "decentralized" just a buzz word for 99% of the companies that use it? I generally take it with a grain of salt.

Yeah, it's decentralized, but we contacted Google for help. Hahah

We are so decentralized, but we store customers' private keys on Google Cloud. If this is not an inside job, then I don't know what it is. Rugpull! Nothing was hacked.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
Losing funds from hot wallets makes me feel I'm back in 2013 or something.
Why? It happens on a near enough weekly basis. This hack is what, not even two days old, and already we've had another hack with Huobi losing $8 million in ETH. All centralized exchanges are the same. Rather than spend time, money, and resources to implement good security protocols, they play fast and loose with the security of your coins and the security of your data because they don't give a shit if you end up losing everything, as long as they line their pockets in the process.

Because of the scale, the amount of coins stolen. So far this is the biggest Bitcoin theft in 2023. Of course, you can't avoid hot wallets; they are necessary to operate normally (and companies are losing these relatively small amounts from time to time), but keeping 1/2 or 1/5 of entire customers' funds in a hot wallet doesn't look like a good idea (unless of course you don't want them to be stolen for some reason).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.
I saw no reason to use this after my review. TL;DR: The privacy policy is a nightmare, the 6 digit PIN security is questionable, the withdrawal fees are very high (50 to 8800 times the on-chain fee), the overall feeling was confusing. The claims (1 million dollar transaction volume on average from each of the 1 million users) unbelievable. Lots of buzz words, but no information on how to recover funds. I don't want social contacts for emergencies. Even normal withdrawals were very complicated, and after testing the whole thing feels custodial.

I see no reason why anyone would ever use this:
From all the reviews I've done, this one was by far the furthest out of my comfort zone. I had no idea what I was doing when I started. I can only imagine this is worse for Bitcoin newbies.
legendary
Activity: 2268
Merit: 18711
As far as I know, they only recently came to the forum and most of the forum users heard about them for the first time then. It is certainly still new to Bitcointalkers.
They paid 100 users to use and review their service. Did not a single one of these users continue to use the service afterwards? That's a pretty big red flag.

Well, I was more focused on this with the question, were the hacked funds protected with multi-sig or time-locked?
If they had been, then it is highly unlikely they would have been hacked. By all accounts, they were simply in a hot wallet, and a hot wallet stored in the cloud, no less.

Losing funds from hot wallets makes me feel I'm back in 2013 or something.
Why? It happens on a near enough weekly basis. This hack is what, not even two days old, and already we've had another hack with Huobi losing $8 million in ETH. All centralized exchanges are the same. Rather than spend time, money, and resources to implement good security protocols, they play fast and loose with the security of your coins and the security of your data because they don't give a shit if you end up losing everything, as long as they line their pockets in the process.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
That puts the losses around 20%, and my guess is that includes customer funds.
In the article I linked to above, the CEO said that only half of users' deposits would be unaffected. So yes, users' funds have been lost, and Mixin Network are now insolvent.

In fact, I am most interested in whether these funds were time-locked. If they are, this hack completely devalues their service's meaning and the whole story.
Why would they be? I don't know of any centralized exchange or service (which Mixin Network clearly is, despite claims to the contrary) which timelocks their own funds. They need access to their funds to process withdrawals. It is user funds in Mixin Safe which are supposed to be timelocked. (I've still not seen anyone say if they can actually access their funds, though. Was nobody actually using Mixin Safe?)

You can ask of course why the funds were stored on a Google cloud server or why they weren't protected with multi-sig, but I don't think they would ever be timelocked.

OK, no reason for the coins to be timelocked, I agree, but I thought that such considerable amounts (1/5 or 1/2 of all funds controlled by them) are being kept in a secure cold wallet. Losing funds from hot wallets makes me feel I'm back in 2013 or something.
legendary
Activity: 3444
Merit: 3469
Crypto Swap Exchange
(I've still not seen anyone say if they can actually access their funds, though. Was nobody actually using Mixin Safe?)

As far as I know, they only recently came to the forum and most of the forum users heard about them for the first time then. It is certainly still new to Bitcointalkers.
They have their own messenger applications, I believe that's where most of the discussion about the actual problem is.

You can ask of course why the funds were stored on a Google cloud server or why they weren't protected with multi-sig, but I don't think they would ever be timelocked.

Well, I was more focused on this with the question, were the hacked funds protected with multi-sig or time-locked?
legendary
Activity: 2268
Merit: 18711
That puts the losses around 20%, and my guess is that includes customer funds.
In the article I linked to above, the CEO said that only half of users' deposits would be unaffected. So yes, users' funds have been lost, and Mixin Network are now insolvent.

In fact, I am most interested in whether these funds were time-locked. If they are, this hack completely devalues their service's meaning and the whole story.
Why would they be? I don't know of any centralized exchange or service (which Mixin Network clearly is, despite claims to the contrary) which timelocks their own funds. They need access to their funds to process withdrawals. It is user funds in Mixin Safe which are supposed to be timelocked. (I've still not seen anyone say if they can actually access their funds, though. Was nobody actually using Mixin Safe?)

You can ask of course why the funds were stored on a Google cloud server or why they weren't protected with multi-sig, but I don't think they would ever be timelocked.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
It is certainly the user's money, although real facts can be manipulated here.
So halting withdrawals and the soothing words are only meant to prevent a bank run? I'd take my money out as soon as possible, before someone else takes it and there's nothing left.
legendary
Activity: 2422
Merit: 1191
Privacy Servers. Since 2009.
Is the 200 million customers’ money? Are people serious about saving all this service?
That surprises me that people are using this Mixin Safe to store their cryptocurrencies and 200 million is not a small amount.
I don't think the 200 million dollars came from "Mixin Safe", it's the "Mixin Network" that lost $200 million. According to https://safe.mixin.zone/, they're managing more than a billion dollars. That puts the losses around 20%, and my guess is that includes customer funds.

Quote from: https://mixin.one/
We build open source software that always puts security, privacy and decentralization first.
That didn't age well.

This, btw, is the biggest crypto theft of 2023 to date! What really happened? Perhaps someone from Mixin Safe can comment and clear things up? I really hope that's not money laundering or management running away with funds!
copper member
Activity: 2114
Merit: 1794
Top Crypto Casino
Is the 200 million customers’ money? Are people serious about saving all this service?
The 200 million is definitely partly or all customers' money, otherwise they wouldn't have paused the withdrawals, and yeah, it's 2023 and people are still too foolish to keep all their money and life savings in custodial centralized exchanges/services. They never totally learned anything from events as recent as the FTX or Celsius Network scandals.

I hope the Mixin Safe team took notes when a lot of members were not comfortable with how the services operated. Registering using phone numbers, the Mixin Messenger app's centralized nature, etc. Maybe the hack will be an eye opener.
legendary
Activity: 3444
Merit: 3469
Crypto Swap Exchange
Is the 200 million customers’ money? Are people serious about saving all this service?
That surprises me that people are using this Mixin Safe to store their cryptocurrencies and 200 million is not a small amount.
I don't think the 200 million dollars came from "Mixin Safe", it's the "Mixin Network" that lost $200 million. According to https://safe.mixin.zone/, they're managing more than a billion dollars. That puts the losses around 20%, and my guess is that includes customer funds.

It is certainly the user's money, although real facts can be manipulated here.
In fact, I am most interested in whether these funds were time-locked. If they are, this hack completely devalues their service's meaning and the whole story.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
Is the 200 million customers’ money? Are people serious about saving all this service?

That surprises me that people are using this Mixin Safe to store their cryptocurrencies and 200 million is not a small amount.
200 million gone, jeez, the last couple of months have been rough on our crypto companies...

Talking of Mixin Safe, I want to believe this is an air-tight product, especially since it's built around multisig and looking at the processes involved in getting to our coins... a hacker needs enough keys to be granted access, i.e. OWNER key / MEMBERS key.

But seeing the discussion here alleging Mixin Safe is safe, why hasn't the Mixin ecosystem adopted/integrated the multisig features all round to guarantee security? Perhaps this is only for the end-users, but in-house it's different on this...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Is the 200 million customers’ money? Are people serious about saving all this service?
That surprises me that people are using this Mixin Safe to store their cryptocurrencies and 200 million is not a small amount.
I don't think the 200 million dollars came from "Mixin Safe", it's the "Mixin Network" that lost $200 million. According to https://safe.mixin.zone/, they're managing more than a billion dollars. That puts the losses around 20%, and my guess is that includes customer funds.

Quote from: https://mixin.one/
We build open source software that always puts security, privacy and decentralization first.
That didn't age well.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It was a matter of time until this happened. Mixin is (or was?) one of the worst Bitcoin companies when it comes to security. Everything was so complicated without any reasoning given. At the time I used it to write a review, I just knew this wasn't going to work well, but it turned out that they were having about $400 million? How come they.

The whole point of this "Mixin Safe" was that the recovery key held by Mixin themselves was only usable after a 90 day timelock, and that the owner of the safe could use the 2 keys available to them to move their funds at any time.
Yeah... We are talking about a company that used 10 domain names for their services. I doubt the multi-sig feature existed on every single one of them. I was able to spend bitcoin once, in one of their apps, without any approval IIRC.



Edit:
Here we don't argue about the choice. Just focus on the project itself. No perfect security.
FTFY.
hero member
Activity: 2814
Merit: 618
Leading Crypto Sports Betting & Casino Platform
Is the 200 million customers’ money? Are people serious about saving all this service?

That surprises me that people are using this Mixin Safe to store their cryptocurrencies and 200 million is not a small amount.


How does "we're hacked, you can't withdraw" reduce worries?
It will not eliminate worry, but people can know what is happening instead of remaining in the dark.

It is a usual thing that if any exchange/wallet is hacked, they may immediately block the withdrawal services to prevent further loss or people trying to withdraw everything that is left.

However, this is not an exchange, and I thought this is a decentralized wallet and hence there should be practically no chance of hacking the funds/wallets unless the private keys of the wallets are stored with them.
legendary
Activity: 2268
Merit: 18711
Isn't "decentralized" just a buzz word for 99% of the companies that use it? I generally take it with a grain of salt.
Yup. I've been saying this for years:

There is a problem with a lot of exchanges using the word "decentralized" as a marketing tool and gimmick, when in reality they are not decentralized at all. Sites like LocalBitcoins and IDEX which claim to be decentralized, and yet users have to deposit coins to their custodial wallets and complete KYC. Complete nonsense.

This is also true of other terms such as "trustless" and "private/anonymous", and very worryingly now apparently "open source" as well. My point was more that even when you directly point out how services are in fact none of the things they claim to be, people just don't seem to care that they are being lied to their face and will continue to use those services, often ending in disaster.