Update on MXC Misuse Investigation
This is a public disclosure regarding an incident of (a 3rd parties) MXC misuse occurring on January 17, 2024. The incident has since been resolved as of November 14, 2024, resulting in full recuperation of temporary damages caused.
Dear MXC token holders, investors, and community members,
In this statement, MXC would like to illuminate an investigation that lasted over 10 months and bring further transparency within our ecosystem. Before any misinformation is created by those who may wish to harm the reputation of MXC, we would like to firmly highlight that the incident has been fully resolved, with all damages recouped, and legal prosecution confirmed. No damages have been transferred to token holders, investors, and community members.
On January 17, 2024, MXC detected unusual on-chain activity that could point to a malicious misuse of the MXC Bridge and, on the same day, began an internal investigation. Our investigation concluded that the series of transactions were indeed malicious in nature and linked 6 wallets as responsible participants. Two hours later, an email from a well-informed community member further supported the findings. The damages were measured to be around 30 million MXC tokens.
Upon confirmation of the damage caused and the method of misuse, MXC immediately commissioned a security patch to stop further damages. The patch was completed and a third-party audit was conducted to ensure the efficacy of the security update. Simultaneously, MXC tracked the flow of stolen funds, contacted the destination exchanges, and requested suspension of the accounts.
After continued correspondence, the responsible attacker reached out to MXC and offered to return a portion of the stolen funds in exchange for lifting the suspension. MXC rejected the offer and began investigations to find the identity of the attacker. Within 2 days, the identity of the attacker was revealed, and representatives of MXC were sent to the attacker’s local jurisdiction to open a police case and begin prosecution proceedings.
MXC directly reported the incident to the attacker’s local jurisdiction police, handed over all relevant evidence, and gave a detailed affidavit over 3 sessions that each spanned over 2 hours. Given the malicious nature of the case, it was transferred to the district police force, which conducted additional investigation. A subpoena was sent, and a criminal case was developed.
The accused appointed a lawyer. MXC‘ representatives met with their lawyer in September 2024 and offered terms of agreement which included a full payback of the damages caused. Since then, the attacker has repurchased the full amount, and a safe transfer of the funds has occurred under legal scrutiny. MXC has not yet concluded the length and strength of the potential prosecution and the ongoing litigation.
Through this, we conclude an investigation and legal battle that spanned over 10 months. MXC sincerely thanks the community investigators who continued to provide insight, exchanges that offered immense support, the police forces who collaborated with us with sincerity, and our representatives who fought the fight for justice on the frontlines. MXC is keen to put an end to this matter with zero damages caused to any of our community members.
While our investigation have found zero damages to the users, if you believe you have suffered financial loss due to this isolated incident, please send us the evidence via email to: hello@mxc.org
We thank you for your understanding and look forward to expanding MXC as the DePIN hub together with our community.