I. Introduction: A security crisis that shocked the on-chain trading circle
In November 2024, a major security incident at the on-chain trading platform DEXX shook the entire industry. A hacker attack resulted in a massive theft of user assets, with losses quickly climbing to tens of millions of dollars. This incident exposed fatal flaws in DEXX's security architecture, transforming it from a platform that touted 'non-custodial' features and was highly regarded by users for its convenient and efficient trading experience, into a negative example of industry discussion.
With the vigorous development of the DeFi ecosystem, on-chain trading tools have experienced explosive growth. These tools attract many users with their selling points of 'decentralization' and 'non-custodial'. However, the DEXX incident proves that behind convenience often lies huge security risks.
Why is the DEXX incident worthy of every on-chain trader's attention?
Revealing systemic security hidden dangers: The incident exposed common vulnerabilities in the design and operation of on-chain trading tools.
Reflecting on the truth of 'non-custodial': Uncovering the veil of some platforms' abuse of the 'non-custodial' concept to cover up security issues.
Enhancing user risk awareness: Providing valuable warnings for users and developers, emphasizing the importance of security education and prevention.
The DEXX incident is not only a security crisis but also a profound questioning of the industry's current state: how to balance innovation and security within a decentralized framework?
II. In-depth analysis of the DEXX incident
Platform positioning and business model
DEXX is a decentralized trading platform focused on on-chain meme coin trading, supporting multi-chain asset trading such as SOL, ETH, BSC, and providing automated trading tools and liquidity management services. Through smart contracts, it offers a convenient trading experience, DEXX was once regarded as a benchmark for on-chain trading tools. However, this incident revealed fatal flaws in the platform's technical architecture.
Misunderstandings of the 'non-custodial' concept
Although DEXX claims to adopt a 'non-custodial' model, allowing users to control private keys, there are many risks in actual operation:
Plain text storage of private keys: Users export private keys without encryption, making them easily intercepted by hackers during transmission.
Centralized permissions: The permission management system designed by the platform is too broad, granting the platform actual control over user assets.
Smart contract risks: Smart contracts that have not undergone sufficient audits may contain backdoors, allowing unauthorized operations.
Security vulnerability analysis
From a technical perspective, DEXX has the following main security risks:
Improper private key storage: The platform secretly records user private keys, allowing hackers to gain full control of assets once they invade.
Weak permission management: Authorization logic fails to categorize or restrict, leading to potential abuse of user assets by the platform.
Insufficient code audits: Audit reports indicate that the platform has several high-risk vulnerabilities, among which the 'centralization' issue is particularly serious.
Affected asset statistics
According to on-chain data analysis, the asset losses caused by this incident include:
Mainstream tokens: such as ETH, SOL, etc.
Stablecoins: such as USDT, USDC.
Meme coins: such as BAN, LUCE, etc., prices have significantly dropped due to large selling pressure.
The DEXX incident not only caused economic losses to users but also dealt a devastating blow to the trustworthiness of the entire on-chain trading tool industry.
III. The wake-up call: Common problems of on-chain trading tools
1. The truth of 'non-custodial'
'Non-custodial' tools are regarded as the security benchmark for decentralized trading, but many platforms do not truly achieve autonomous control of assets in actual operations:
Abuse of permissions: Requiring users to grant excessive permissions, leading to overly centralized assets.
Implicit custody: Private keys may be stored and managed by the platform, making security depend on the platform's technical capabilities.
Contract backdoors: Some smart contracts embed administrator privileges, allowing the platform to bypass user authorizations.
2. The security dilemma of trading bots
While automated trading tools provide convenient trading, they also introduce the following risks:
High permission requirements: Trading bots need access to user private keys or API keys, significantly increasing risks.
Logical vulnerabilities: Complex trading logic may be exploited by attackers, leading to abnormal transactions or market manipulation.
Centralized control: Many bots store user assets under platform control to improve trading speed, making them easy targets for attacks.
3. Technical challenges of private key management
Private key management as the core of on-chain security faces the following challenges:
The conflict between convenience and security: Offline storage is secure but complex to operate; online storage is convenient but carries high risks.
Weak backup mechanisms: Users often face risks due to improper backups (e.g., plain text storage).
Improper allocation of permissions: Authorization logic lacks refined management, and once permissions are leaked, the consequences can be severe.
4. Common issues of similar platforms
Analysis shows that on-chain trading tools generally have the following problems:
Insufficient audits: Many platforms have not undergone comprehensive third-party security audits.
Weak risk control: No comprehensive transaction monitoring and emergency response mechanisms have been established.
Lack of user education: Users lack basic understanding of authorization logic and security operations, and the platform has not provided effective guidance.
The DEXX incident highlights the shortcomings of on-chain trading tools in terms of security. To promote healthy industry development, platforms, users, and regulatory bodies must work together to strengthen technical and operational norms.
IV. User Emergency Self-Rescue Guide (Practical Edition)
The DEXX incident exposed the security shortcomings in on-chain transactions and served as a wake-up call for users. In the event of a similar crisis, users need to take swift action to minimize losses while establishing long-term security prevention mechanisms. Here are detailed operational guidelines and security suggestions.
Take action now
Check asset damage status
Use blockchain explorers (e.g., Etherscan, Solscan) to view the transaction records of wallets and confirm whether there are abnormal transfers.
Verify asset balances to assess whether any assets have been stolen.
Check the authorization status of smart contracts to identify potentially risky authorization records.
Prioritize protecting high-value assets and formulate timely transfer plans.
Emergency asset transfer steps
Prepare a brand new and secure wallet address, ensuring that the private key has not been leaked.
Transfer in order of asset importance (e.g., stablecoins, mainstream tokens).
Operate in a secure network environment, avoiding public Wi-Fi and infected devices.
Set appropriate Gas fees to ensure transfer transactions are completed as quickly as possible.
Revoke authorization operations
Use tools (e.g., Revoke.cash) to check and revoke suspicious authorizations to prevent hackers from exploiting them.
Prioritize revoking authorizations for high-risk contracts and retain operation records for future investigation.
Increase Gas fees to speed up the revocation of authorizations and prevent attackers from acting first.
Preservation of evidence
Take screenshots of relevant transaction records, including timestamps, transaction hashes, contract addresses, and other details.
Export the complete transaction history of the wallet as case materials.
Save all communication records with the platform (emails, announcements, social media screenshots).
Collect media reports and official statements for future rights protection and compensation requests.
Reporting and rights protection guide
Report to the local cyber police or cybersecurity department, providing complete transaction records and event descriptions.
Contact professional blockchain security companies to assist in tracing stolen assets.
Keep the report receipt and seek help from a professional legal team to plan cross-border or complex rights protection strategies.
Join victim rights protection groups to share information and action plans with other victims.
Continuous prevention
Best practices for secure private key storage
Use hardware wallets (e.g., Ledger, Trezor) to store high-value assets, ensuring physical security.
Regularly back up mnemonic phrases or private keys, using multi-layer encryption protection and decentralized storage.
Avoid storing private keys in cloud services or online devices to reduce theft risks.
Asset decentralized management strategy
Distinguish between hot wallets (for trading) and cold wallets (for long-term storage).
Allocate assets based on purpose, such as independently setting up wallets for investment and daily transactions.
Regularly check asset distribution to ensure appropriate risk diversification.
Security trading tool selection criteria
Investigate the team background, technical strength, and security of the tool or platform.
Confirm whether the platform has undergone security audits by authoritative organizations and read detailed audit reports.
Pay attention to community feedback to understand user evaluations of the tool and how past security incidents were handled.
Daily operation security checklist
Operate in a trusted network environment, avoiding public Wi-Fi.
Regularly update the security software of devices and enable antivirus and firewall protection.
Treat authorization requests cautiously, especially unknown or unaudited smart contracts.
Use account monitoring tools to set transaction alerts to timely detect abnormal behaviors.
V. Advanced Protection: Build a Personal Asset Security Moat
The security issues of on-chain assets are long-term and complex, especially in the context of frequent security incidents involving trading tools and platforms. To enhance security protection capabilities, users need to establish a comprehensive 'security moat' from basic hardware to technical configuration. Here is an advanced protection guide tailored for users.
1. Hardware wallet usage guide
Hardware wallets, due to their offline storage characteristics, have become the best choice for protecting digital assets, but correct usage is a prerequisite for ensuring security.
Purchase genuine hardware wallets
Buy mainstream brands (e.g., Ledger, Trezor, Onekey) through official channels to avoid counterfeit products. Avoid using second-hand devices to prevent tampering.Security activation and initialization
Complete the hardware wallet initialization in an offline environment, generate mnemonic phrases, and ensure they are not recorded or leaked by others.Backup of mnemonic phrases and private keys
Record mnemonic phrases on fireproof and waterproof media (e.g., metal plates or paper), storing them in multiple secure locations, avoiding digital storage.Daily usage precautions
Connect the hardware wallet only in trusted network environments, avoiding public Wi-Fi or insecure devices. Regularly update device firmware to fix known vulnerabilities.
II. Multi-signature wallet configuration
Multi-signature wallets (Multi-Sig) are an advanced security tool suitable for high-net-worth asset management, enhancing operational security by setting multiple authorizations.
Set multi-signature threshold
Determine the authorization threshold for multi-signatures (e.g., 3/5 or 2/3) to ensure a balance between security and convenience.Configure signer permissions
Clarify the permissions and responsibilities of each signer to avoid centralized permissions or single points of failure.Establish signing rules
Set differentiated authorization thresholds for different types of transactions (e.g., asset transfers, smart contract interactions).Emergency recovery plan
Configure backup signers or emergency recovery permissions to ensure that assets are not permanently locked when the main signer cannot operate.
III. Trading tool security assessment framework
When choosing on-chain trading tools or platforms, users should systematically evaluate their security and credibility.
Code openness level
Prioritize choosing open-source tools that allow the community to review the code and timely discover and fix vulnerabilities.Smart contract audit status
Check whether the tool has undergone security audits by authoritative organizations (e.g., SlowMist) and carefully read relevant audit reports.Team background investigation
Understand the technical background and past project history of the development team to assess their credibility and professional level.Community activity and user feedback
Analyze community feedback and activity level regarding the tool, especially focusing on how past security incidents were handled.Risk control mechanisms
Investigate whether the platform provides risk control measures such as multi-signature, transaction anomaly alerts, and whether it has asset insurance mechanisms.
4. Recommended on-chain security monitoring tools
Professional on-chain monitoring tools can help users keep track of asset dynamics in real-time and promptly detect potential threats.
Asset monitoring tools
Recommended tools: DeBank, Zapper
Function: Multi-chain asset balance and transaction record tracking, helping users have a comprehensive grasp of asset status.
Contract monitoring tool
Recommended tools: Tenderly, Defender, Goplus
Function: Real-time detection of smart contract operation status, identifying potential vulnerabilities or abnormal behaviors.
Transaction monitoring tool
Recommended tools: Nansen, Dune Analytics
Function: Analyzing on-chain transaction data, tracking fund flows, and promptly detecting abnormal operations.
Risk warning tool
Recommended tool: Forta Network
Function: Provides real-time on-chain risk warnings and attack detection, helping users take protective measures at the first moment.
VI. Reflection and Outlook
The impact of the DEXX incident is not limited to the affected users; it also serves as a wake-up call for the entire industry. It reveals the potential risks in the technical architecture and operational models of on-chain trading tools, while providing deep reflections and improvement directions for project parties, users, and industry development.
1. The responsibility boundaries of project parties
Project parties play a dual role as technical developers and operators in the on-chain ecosystem, with their responsibilities covering security, transparency, and risk management.
Basic security responsibilities
Code security audit: Regularly undergo authoritative third-party security audits to ensure the security of smart contracts and systems.
Vulnerability bounty programs: Attract the community and security experts to actively discover vulnerabilities and provide solutions.
Risk reserve system: Establish a special fund to compensate user losses in security incidents.
Emergency response mechanism: Establish a professional team to promptly respond to and handle security incidents, reducing the impact range.
Information disclosure responsibilities
Risk warning obligations: Clearly inform potential risks and safety recommendations before user authorization or platform usage.
Timeliness of incident reporting: After a security incident occurs, promptly disclose the situation to users and provide solutions.
Loss compensation plan: Establish clear compensation rules to avoid trust collapse in the aftermath of incidents.
Technical architecture transparency: Publicly disclose the platform's technical architecture and permission management mechanisms to accept user supervision.
2. The boundaries of KOL promotion responsibilities and credibility identification
As an industry opinion leader (KOL), their promotional behavior has a profound impact on user decisions and trust. It is especially important to clarify their responsibility boundaries and assess their credibility.
KOL's responsibility definition
Due diligence obligations: Thoroughly understand the technical background and security of any project before promoting it.
Information verification responsibility: Verify whether the promises of the project party are consistent with the actual situation to avoid misleading users.
Disclosure of interests: Publicly disclose cooperation relationships and commission models with project parties to ensure transparency.
Risk warning requirements: Include risk warnings in promotions to guide users to make independent judgments.
Credibility assessment indicators
Professional background: Whether the KOL has professional knowledge and industry experience in the blockchain field.
Historical promotion record: Whether their past promoted projects are safe and reliable, and how user evaluations are.
Interest relevance: Whether there is excessive reliance on promotional income behavior, affecting objectivity.
Adequacy of risk warnings: Whether the potential risks of the project are fully explained and suggestions are made.
III. The awakening of user security awareness
Users are the last line of defense in the on-chain ecosystem. Enhancing user security awareness is key to preventing asset loss.
Basic security awareness
Private key security management: Properly store private keys and mnemonic phrases, avoiding online storage or transmission through insecure channels.
Authorization prudence principle: Carefully evaluate smart contract authorization requests and avoid excessive authorization as much as possible.
Asset decentralized storage: Distribute assets across multiple wallets to reduce the risk of single point failure.
Risk control awareness: Regularly check authorization status, revoke unnecessary permissions, and maintain account security.
Advanced security practices
Multi-signature use: Increase the operational threshold for high-value assets through multi-signatures.
Security tool configuration: Use hardware wallets and on-chain monitoring tools to build a comprehensive protection system.
Regular security checks: Check wallet status, authorization records, and asset distribution, and identify potential hazards.
Emergency plan preparation: Develop clear emergency plans to take swift action when assets are stolen.
4. The development direction of on-chain trading tools
Future on-chain trading tools need to achieve comprehensive optimization in technology and operations to regain user trust and promote industry development.
Technical architecture optimization
Refined permission management: Restrict the scope of permission granting to avoid excessive authorization.
Multi-verification mechanism: Introduce dual verification or dynamic authorization to enhance operational security.
Smart risk control system: Combine real-time monitoring and automatic alerts to timely detect and handle abnormal behaviors.
Increased decentralization: Reduce reliance on centralized components to truly achieve autonomous control over assets.
Improvement of security mechanisms
Introduce insurance mechanisms: Provide security guarantees for user assets through insurance products.
Upgrading the risk control system: Using AI and big data to build a dynamic risk prevention and control mechanism.
Normalization of audits: Incorporate third-party security audits into the daily operation processes of projects to ensure continuous improvement.
Full scenario monitoring: Cover both on-chain and off-chain security scenarios to comprehensively reduce asset risks.
5. The balance between security and convenience
On-chain trading tools must find a balance between security and user experience to better meet user needs.
Technical aspects
Simplify the security operation process: Reduce user operation difficulty by optimizing interface design and guidance.
Optimize user experience: Enhance operational smoothness and efficiency without sacrificing security.
Automated security checks: Integrate intelligent tools to automatically remind users of potential security risks.
Personalized risk control settings: Allow users to customize risk control rules according to their needs.
User level
Differentiated security solutions: Provide tiered security solutions for different users.
Flexible authorization mechanisms: Support users in quickly adjusting authorization scopes in different scenarios to meet diverse needs.
Convenient emergency handling: Provide one-click revocation of authorization and emergency lock functions to ensure a rapid response to security incidents.
Conclusion
The DEXX incident is not only a security accident but also a profound reflection on the entire industry. It reminds us that technological innovation cannot come at the expense of security. Only by placing the protection of user assets at the core can the industry truly achieve long-term healthy development.
For users, this is a mandatory course to improve security awareness; for project parties, this is an urgent task to improve security mechanisms; for all parties in the industry, this is an opportunity to promote standardization and healthy competition. Only by finding the best balance between innovation and safety can on-chain trading tools fulfill the promise of decentralization and create real value for users.
The DEXX incident will become a thing of the past, but the warnings it brought will guide the future. Let us learn from it and work together to push the blockchain ecosystem towards a safer, more mature, and trustworthy tomorrow.
About us
Hotcoin Research, as the core investment research department of Hotcoin, is committed to providing detailed and professional analysis for the cryptocurrency market. Our goal is to provide clear market insights and practical operation guidelines for investors of different levels. Our professional content includes the 'Play and Earn Web3' series of tutorials, in-depth analysis of cryptocurrency industry trends, detailed analysis of potential projects, and real-time market observations. Whether you are a newcomer exploring the crypto field for the first time or a seasoned investor seeking in-depth insights, Hotcoin will be your reliable partner in understanding and seizing market opportunities.
Risk warnings
The cryptocurrency market is highly volatile, and investment itself carries risks. We strongly recommend that investors make investments based on a complete understanding of these risks and within a strict risk management framework to ensure fund safety.
Website: https://www.hotcoin.com/
X: x.com/Hotcoin_Academy
Mail: labs@hotcoin.com
Medium: medium.com/@hotcoinglobalofficial
