On November 16, user assets held on the on-chain trading terminal DEXX were stolen, and several meme coins fell sharply for a short period early this morning. Security firms investigating the incident have not yet determined the exact amount stolen; rumors in the community put the losses at more than 16 million US dollars.
DEXX founder Roy said this morning that he would compensate users for their losses. So far, many users have reported moving their account assets to safe addresses.
DEXX security vulnerability
After the theft, the community began to scrutinize this dedicated meme trading platform, whose rebate (referral) links had flooded social channels, and users also turned their anger on the KOLs who had promoted DEXX.
Yu Xian, founder of the security firm SlowMist, said: “The victims are all people who used DEXX for marketing/MEME speculation. The private keys were held in DEXX’s centralized custody and must have been leaked. As for how they were leaked, that awaits further investigation and disclosure.”
The community found, from the export_wallet request visible in the browser developer tools, that when a user exports a DEXX private key the key is returned in clear text in the response. That means the user’s private key is actually stored on DEXX’s own server, not only on the user’s device. If the communication is not encrypted, an attacker can intercept the private key in transit; even over HTTPS, sending a raw private key to the client exposes it to leakage through browser vulnerabilities or other security issues on the endpoint.
Therefore, some users joked that “DEXX redefines non-custodial wallets.”
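The observation above, that an export_wallet response carried a private key in clear text, is the kind of defect a response-side secret scan catches before release or during incident triage. The following Python is an added example and not code from DEXX or from the page: it scans constructed JSON response bodies (the `export_wallet`/`tx_history`/`balance` shapes, the field names and every key or signature value are made up here, derived from hashed constants) for 32-byte hex and 64-byte base58 values, and raises the severity when the field name itself says `private_key`, `mnemonic` or similar. One caveat it handles: a 64-byte base58 value is also the shape of a Solana transaction signature, and a 64-hex-character value is also the shape of a SHA-256 hash, so shape alone only earns a “review” finding.

```python
import hashlib
import json
import re
from typing import Optional

# Bitcoin/Solana base58 alphabet (no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Field names that should never carry a value to the client (assumed naming conventions).
SECRET_FIELD_NAME = re.compile(r"(private|secret)[_-]?key|mnemonic|seed[_-]?phrase|keypair", re.I)
# Value shapes: 32 bytes as hex (EVM-style secret keys, but also any SHA-256 hash),
# and long base58 strings (a Solana keypair export is 64 bytes, as is a tx signature).
HEX_32_BYTES = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")
B58_LONG = re.compile(r"^[1-9A-HJ-NP-Za-km-z]{80,96}$")


def b58encode(raw: bytes) -> str:
    """Plain base58 (no checksum); leading zero bytes become leading '1's."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58_ALPHABET[rem] + digits
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # str.index raises ValueError
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def classify_value(value) -> Optional[str]:
    """Label a string that has the shape of 32- or 64-byte key material, else None."""
    if not isinstance(value, str):
        return None
    if HEX_32_BYTES.match(value):
        return "32-byte hex"
    if B58_LONG.match(value) and len(b58decode(value)) == 64:
        return "64-byte base58"
    return None


def _walk(node, path, findings):
    """Depth-first walk of a parsed JSON document, recording suspicious string leaves."""
    if isinstance(node, dict):
        for key, val in node.items():
            _walk(val, path + [str(key)], findings)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            _walk(val, path + [str(i)], findings)
    elif isinstance(node, str):
        shape = classify_value(node)
        dotted = ".".join(path)
        if any(SECRET_FIELD_NAME.search(p) for p in path):
            # The field name itself says this is a secret: flag it whatever the shape.
            findings.append({"path": dotted, "severity": "high",
                             "reason": f"secret-named field ({shape or 'opaque string'})"})
        elif shape:
            # Shape alone is ambiguous (hash? tx signature?), so only ask for review.
            findings.append({"path": dotted, "severity": "review",
                             "reason": f"{shape} value; could be a key, a hash or a signature"})


def scan_response_body(body: str) -> list:
    """Scan one HTTP response body (JSON or not) for key material; 'high' findings first."""
    findings = []
    try:
        _walk(json.loads(body), [], findings)
    except json.JSONDecodeError:
        # Not JSON: fall back to checking each long alphanumeric token by shape only.
        for tok in re.findall(r"[0-9A-Za-z]{60,100}", body):
            shape = classify_value(tok)
            if shape:
                findings.append({"path": "<token>", "severity": "review",
                                 "reason": f"{shape} value in non-JSON body"})
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings


# Constructed sample values: hashes of fixed strings, so they are not real keys or signatures.
KEYPAIR_B58 = b58encode(hashlib.sha512(b"constructed keypair, not a real key").digest())
TX_SIG_B58 = b58encode(hashlib.sha512(b"constructed transaction signature").digest())
PUBKEY_B58 = b58encode(hashlib.sha256(b"constructed public key").digest())

# Constructed response bodies in a hypothetical API shape (not DEXX's actual API).
SAMPLE_RESPONSES = {
    "export_wallet": json.dumps({"code": 0, "data": {"address": PUBKEY_B58, "private_key": KEYPAIR_B58}}),
    "tx_history": json.dumps({"code": 0, "data": [{"signature": TX_SIG_B58, "amount": "1.5"}]}),
    "balance": json.dumps({"code": 0, "data": {"address": PUBKEY_B58, "sol": "2.25"}}),
}


def scan_all(responses: dict) -> dict:
    """Scan a name -> body mapping; returns name -> findings."""
    return {name: scan_response_body(body) for name, body in responses.items()}


if __name__ == "__main__":
    for name, found in scan_all(SAMPLE_RESPONSES).items():
        print(name, found or "clean")
```

Run against the constructed bodies, the export_wallet response yields one “high” finding at `data.private_key`, the transaction history yields a “review” finding for the 64-byte signature (the false-positive class the field-name rule exists to separate), and the balance response is clean because a 32-byte base58 public key matches neither shape.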
In addition, the wallet application OneKey stated that DEXX has repeatedly requested the permission to “upload user clipboard content” and may have uploaded users’ clipboard contents: “If you have copied a private key or mnemonic phrase on your phone, transfer the assets as soon as possible.”
DEXX’s audit was performed by CertiK, whose report gave DEXX a score of 59.31. Behind that unsatisfactory score are nine findings: the one major risk, “centralization”, has not been resolved; of the four moderate risks, two have been resolved and two have not, the latter including “vulnerable code”; and of the four minor risks, only one has been resolved.
Some users said that DEXX and the various trading bots are naked in terms of security, and that the project teams without exception share the same mentality: “Users don’t understand or care anyway, and there are lucky peers who do the same but haven’t been caught yet. Anyway, if I cared about it I would have to pay a lot in R&D costs and user experience, so I don’t need to care.”
It is worth recalling that both BananaGun and Unibot have suffered thefts before. For on-chain trading, the rule remains “Not Your Keys, Not Your Money”.
Latest information and investigation progress
11-16 14:12
According to GoPlus security monitoring, phishing scams targeting DEXX victims have been discovered that pose as rights-protection and compensation efforts, under names such as “Rights Protection Community”, “DEXX Stolen Registration” and “DEXX Compensation”. Users need to identify these carefully and must never upload private keys or mnemonic phrases, or connect a wallet to “confirm”, so as to avoid secondary harm.
11-16 14:02
SlowMist founder Yu Xian posted an update on the DEXX incident on social media, saying that SlowMist has received nearly 500 reports related to the DEXX theft. Analysis of the incident is still in progress; the current preliminary judgment is that the loss is in the tens of millions of dollars (the figure is imprecise because the prices of some meme coins fluctuate too much). The attacker address corresponding to almost every victim is different, indicating that this attack was premeditated long in advance, and the gas for those addresses was sourced through XMR exchanged 3 days ago.
11-16 13:27
Blockchain security audit company CertiK issued a statement stating that it has recently received a large number of requests for help from DEXX platform users, who reported that their account assets had been emptied. CertiK verified that the security incident occurred on the Solana chain, but the chain was not covered by CertiK’s audit.
CertiK stated that the main cause of the incident was improper management of the private key of the DEXX platform, which led to the leakage of the official private key.
11-16 12:30
SlowMist founder Yu Xian responded on social media to screenshots circulating online claiming that “DEXX users have had a total of 488 million US dollars stolen”, saying that the hacker address corresponding to each victim in the DEXX case is different, so the stolen funds are not gathered in a single set of addresses.
Meme price update
11-16 08:56
According to GMGN market data, perhaps affected by the DEXX theft, memes such as BAN, LUCE and PNUT have declined to varying degrees, among them:
· BAN has fallen approximately 30% since the incident and is now quoted at $0.126
· LUCE has fallen by about 20% since the incident and is now quoted at $0.211
· PNUT has fallen by up to about 12.5% since the incident, and is currently quoted at $1.72
The post “Is it self-stealing or hackers? Tracking the theft of DEXX | Timeline” first appeared on CoinBuzzFeed.