As of November 17, the data statistics for BTC, ETH, and TON on the TrendX platform are as follows:

BTC was discussed 18.23K times last week, down 13.67% from the week before; the price last Sunday was $91,956, up 13.2% from the Sunday before.

ETH was discussed 4.27K times last week, down 26.98% from the week before; the price last Sunday was $3,134, down 2% from the Sunday before.

TON was discussed 777 times last week, down 3.63% from the week before; the price last Sunday was $5.52, up 0.2% from the Sunday before.

On the night of November 16, the decentralized trading platform DEXX suffered a major cyber attack, resulting in the illegal transfer of many users' assets. According to the reactions of affected users, DEXX may have suffered losses of up to tens of millions of dollars due to this attack, with the exact figures still being counted, but the total amount is estimated to be over 100 million dollars. Web3 security expert and SlowMist founder Yu Xian pointed out that user private key information has been leaked, but the specific leak route is still under further investigation. Trust in the DEXX platform has plummeted to freezing point, with suspicions of self-theft. Although the truth remains murky, this large-scale theft at DEXX has caused significant damage to the recently very active on-chain Meme market, while also reminding people to pay attention to the security of on-chain assets.

Is DEXX involved in self-theft? Latest developments on the incident

DEXX holds an important position in the Meme space, being an on-chain DEX specifically providing trading and liquidity for Meme tokens, and also supports the launch, staking, and lending services of Meme coin projects, forming a complete Meme financial ecosystem. DEXX’s daily trading volume ranks among the top in DEXs over the long term and is known as the on-chain 'Binance' of the Meme coin market. Regarding the recent user private key theft issue, DEXX operates through smart contracts, allowing users to control their asset private keys, theoretically making it safer. So where exactly does the problem lie?

According to monitoring by the Bit Jungle system, preliminary investigations have confirmed that a large-scale theft of user assets occurred on the DEXX trading platform, with stolen funds reaching over 100 million, and hackers are still actively transferring user assets. In-depth technical analysis reveals the following serious security issues with the DEXX trading platform:

  • Private key storage: The platform presents itself as non-custodial but has recorded user private keys; once the system is attacked, hackers can easily obtain user private keys and steal user assets.

  • Plaintext transmission of private key exports: The platform did not take any encryption measures when users exported their private keys, resulting in the private keys being exposed in plaintext during transmission, making them easily intercepted by hackers.

DEXX official statement:

On November 17, the latest news states that DEXX founder Roy responded to questions about his disappearance on platform X, stating: 'Due to special reasons, we cannot update the situation at the moment. Please give us some more time to handle it satisfactorily.' The day before, DEXX officially stated that the team is working hard to resolve the issue, assuring there is no rug pull, and that further progress will be communicated promptly. In response, Roy stated that they would compensate and that a portion of users have been isolated.

Market reaction:

However, as the statistics of the stolen amounts continue to rise, will DEXX truly compensate users for their losses? Most users scoff at this and do not believe Roy's claims of compensation, considering it a case of self-theft by the platform, with trust in the DEXX platform completely plummeting.

Some users have reported that DEXX and various trading bots are completely exposed in terms of security. The community discovered that according to the export_wallet request information in the developer tools, when exporting DEXX private keys, the keys are presented in plaintext, indicating that user private keys are actually on the official server. If communication is not encrypted, attackers may intercept user private keys during transmission, and even using HTTPS could lead to privacy data leaks due to browser vulnerabilities or other security issues. Therefore, some users jokingly say 'DEXX has redefined non-custodial wallets.'
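The developer-tools observation above can be turned into a repeatable check. The following is an added example, not code from DEXX or from the original article: it scans a HAR capture exported from the browser's network tab for key-shaped material in request and response bodies. The host name, JSON field name and key value are constructed; only the `export_wallet` request name comes from the text.

```python
import base64, json, re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")  # length range of a 64-byte secret
HEX_RE = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")       # 32-byte value; may also be a hash

def b58encode(raw):  # used only to build the constructed sample key below
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def body_text(content):
    # HAR stores non-text bodies base64-encoded and flags them with "encoding"
    text = content.get("text") or ""
    if content.get("encoding") == "base64":
        text = base64.b64decode(text).decode("utf-8", "replace")
    return text

def scan_har(har):
    """Return (url, direction, kind) per key-shaped value; the value itself is never echoed."""
    findings = []
    for e in har["log"]["entries"]:
        url = e["request"]["url"]
        parts = {"request": (e["request"].get("postData") or {}).get("text") or "",
                 "response": body_text(e["response"].get("content") or {})}
        for where, text in parts.items():
            for m in B58_RE.findall(text):
                if len(b58decode(m)) == 64:  # confirm it really decodes to 64 bytes
                    findings.append((url, where, "base58 64-byte secret"))
            for _ in HEX_RE.findall(text):
                findings.append((url, where, "hex 32-byte value"))
    return findings

# Constructed sample capture: fake key bytes 1..64, placeholder host.
FAKE_KEY = b58encode(bytes(range(1, 65)))
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://app.example.invalid/api/export_wallet"},
     "response": {"content": {"text": json.dumps({"private_key": FAKE_KEY})}}},
    {"request": {"url": "https://app.example.invalid/api/balance"},
     "response": {"content": {"encoding": "base64",
                              "text": base64.b64encode(b'{"sol": "1.25"}').decode()}}},
]}}
if __name__ == "__main__": print(scan_har(SAMPLE_HAR))
```

A hit in a response body means the server held the key in usable form at the time of the request, whatever the transport encryption.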

Additionally, the wallet application OneKey has indicated that DEXX has repeatedly requested permission to 'upload user clipboard contents,' which may have uploaded users' clipboard contents, stating 'If you have copied private key mnemonic phrases on your phone, transfer your assets as soon as possible.'

Which Meme coins could be dumped? What impact could this have on the future market?

According to GMGN market data on the 16th, possibly affected by the DEXX theft, Meme coins like BAN, LUCE, and PNUT experienced varying degrees of decline, including:

· BAN has dropped approximately 30% since the incident occurred

· LUCE has dropped approximately 20% since the incident occurred

· PNUT has dropped approximately 12.5% since the incident occurred

Key point one:

This hacking incident is not over! If the DEXX security team cannot resolve the issue in a timely manner, hackers will continue to steal DEXX users' assets. As for the stolen amount, as of the 17th, based on information from over 500 victims, it can be confirmed that at least $13 million has been stolen. But this is just the figure counted up to the 17th, and the amount stolen may be far greater, as many recently popular Meme coins have also been taken, according to current disclosures by Twitter users, including tokens like $BAN, $PNUT, $BITCAT, and SOL. We remind everyone that on-chain Meme coins in particular, which often have poor liquidity, are high-risk assets.

Key point two:

Regarding the funds that have already been stolen by hackers, the Web3 security team Beosin Alert stated on the 16th that the hackers have not yet transferred them. They have collected about 2,800 victim addresses and analyzed over 9,000 transactions of stolen funds. According to their analysis, the stolen funds are currently still stored in addresses controlled by the hackers, with no signs of transfer.

This means that the hackers have not yet revealed their 'ultimate goal'; it is like a knife hanging overhead, and no one knows whether these Meme coins will suddenly be sold off, amplified by the FOMO sentiment common in the Meme space... Therefore, this incident could have immeasurable effects on the Meme sector and even the entire crypto market, potentially causing many Meme coins to plummet, setting back the recently booming Meme sector, and thus affecting the vitality and confidence of the entire crypto market.

What is the safest way to manage funds?

The Meme sector is undoubtedly a hotspot for wealth creation in the current bull market, with on-chain transactions and the use of various automated tools (especially BOTs) becoming the new norm for users. Previous projects like Bananagun and Unibot have experienced theft incidents, and the DEXX incident will not be the last. Therefore, the industry needs to maintain a high level of vigilance regarding security issues, and we investors must always remain alert to ensure the safety of our assets.

Users can take the following measures when managing funds to ensure the safety of their assets:

  • Use hardware wallets to store assets

A hardware wallet is a type of cold wallet that does not connect to the internet, thus avoiding most online attacks. It is recommended that users choose mainstream hardware wallets like Ledger or Trezor. It is important to ensure the wallet firmware is up to date. Safeguard mnemonic phrases properly and avoid storing them digitally (such as taking photos or saving in the cloud).

  • Diversify asset storage

Avoid 'single points of failure' by diversifying funds across multiple wallets, rather than concentrating them in a single address or exchange. It is recommended to store main assets in cold wallets and keep a small amount of trading funds in hot wallets.

  • Choose decentralized custody solutions

It is recommended that users choose verified and genuine decentralized custody solutions to avoid the risks of centralized exchanges. Solutions like multi-signature wallets require multiple signatories to approve transactions, further enhancing security.

  • Review the security of exchanges or platforms

Confirm whether the exchange regularly conducts third-party security audits, and whether the platform implements the recommendations from these audits to improve the security of user account assets. Users who are able to do so should ideally understand the platform's fund custody mechanisms (like hot/cold wallet ratios, multi-signature protection, etc.).

  • Purchase insurance or participate in decentralized risk hedging

In addition to the above actions, users can purchase crypto insurance against hacker attacks (such as InsurAce, Bridge Mutual).

Here are some security tips we have prepared for everyone:

  • Be cautious with recommendations: Research product mechanics thoroughly before trusting others' recommendations, and it is recommended to use automated tools (like BOTs) that do not store private keys on servers.

  • Choose reputable tools: Prioritize those automated tools (like BOTs) that have been running for a longer time, have a strong team, and have no history of security issues.

  • Beware of online scams: On any social platform, such as TG groups, do not click on unknown links or respond to any unsolicited private messages.

  • Protect large transactions: Regardless of the tools used, after completing large fund transactions, it is advisable to transfer the funds to a wallet that you control.

Additionally, we recommend that everyone read or re-read the 'Self-Rescue Manual for the Blockchain Dark Forest' by Yu Xian, the founder of SlowMist; safety comes first when navigating the blockchain dark forest.
