Recently, the DEXX platform encountered a severe asset theft crisis. As a multi-chain compatible on-chain comprehensive trading tool, DEXX supports fast trading, MEV resistance, strategy trading, and other functions, providing an extremely convenient trading experience for hundreds of thousands of users during the memecoin market surge. However, on November 16, many users found their account assets emptied.
The reason lies in its adoption of a centralized asset custody model similar to that of exchanges, but without the security-grade asset management controls that such a model requires. This architecture exposes nearly all users' assets to risk.
This incident not only revealed DEXX's vulnerabilities in asset management but also provided us with an opportunity to deeply understand the risks of custodial wallets.
The difference between custodial accounts and self-custodial accounts
Custodial accounts: In traditional finance, centralized financial institutions have complete control over user assets, and users must apply to the institution to redeem funds. For example, the addresses allocated to users by centralized exchanges are only for deposits, and users do not have operational authority; all transactions, transfers, and withdrawals must be approved by the platform.
This means that the level of risk control on the platform will greatly affect the security of user assets.
Self-custodial accounts: Self-custodial accounts utilize decentralized wallet solutions, where users fully control their asset ownership. After generating a mnemonic or private key in a trusted environment, users can transfer assets within the address without anyone's permission.
Whether users exclusively hold the private key or mnemonic of the address is a key feature distinguishing custodial from self-custodial.
Difference between DEXX theft and exchange theft
Exchange account theft generally falls into two categories. In the first, control of the user's custodial account on the platform is exposed, and the attacker uses it to transfer the assets illegally. In the second, the platform itself is hacked: assets are transferred directly out of the hot wallet, or, in the worst case, the private keys and mnemonics of the cold wallet are stolen.
DEXX adopts a similar centralized account structure: users create addresses on the platform, and the platform shares operating permission over those addresses with the user, so the platform can operate every user address as well. Unlike a CEX, however, DEXX does not aggregate users' custodial funds into a small number of centrally managed addresses protected by measures such as cold/hot wallet isolation and multi-signature management. Every user address therefore depends on the platform's key management alone, which creates the conditions for a single point of failure.
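As an added illustration (not code from Bitrace or DEXX; the two custody models below are simplified assumptions about the structures described above, and the key-compartment names and balances are constructed), this Python model compares how much of the custodial funds an attacker can move after compromising a single component under each model:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Wallet:
    name: str
    balance: float
    signers: frozenset      # key compartments holding a key that can sign for this wallet
    threshold: int = 1      # distinct compartments an attacker must control to move funds


def funds_at_risk(wallets, compromised):
    """Total balance an attacker can move after compromising the given key compartments."""
    compromised = frozenset(compromised)
    return sum(w.balance for w in wallets if len(w.signers & compromised) >= w.threshold)


def dexx_like(user_balances):
    """Assumed model of the DEXX structure: one address per user, signing key held in the
    platform key store and shared with the user's own device; no aggregation, no threshold."""
    return [
        Wallet(f"user-{i}", bal, frozenset({"platform-keystore", f"user-{i}-device"}), 1)
        for i, bal in enumerate(user_balances)
    ]


def cex_like(user_balances, hot_fraction=0.05):
    """Assumed CEX-style model: a small hot wallet behind one signer, the remainder in a
    cold wallet that needs 2 of 3 keys kept in separate compartments."""
    total = sum(user_balances)
    hot = total * hot_fraction
    return [
        Wallet("hot", hot, frozenset({"hot-signer"}), 1),
        Wallet("cold", total - hot, frozenset({"cold-key-a", "cold-key-b", "cold-key-c"}), 2),
    ]


def exposure_table(user_balances):
    """Funds at risk per custody model for a few constructed compromise scenarios."""
    dexx, cex = dexx_like(user_balances), cex_like(user_balances)
    return {
        "dexx: platform key store breached": funds_at_risk(dexx, {"platform-keystore"}),
        "dexx: one user's device breached": funds_at_risk(dexx, {"user-1-device"}),
        "cex: hot signer breached": funds_at_risk(cex, {"hot-signer"}),
        "cex: hot signer + one cold key breached": funds_at_risk(cex, {"hot-signer", "cold-key-a"}),
        "cex: two cold keys breached": funds_at_risk(cex, {"cold-key-a", "cold-key-b"}),
    }


if __name__ == "__main__":
    # Constructed sample balances for four users, 1000 units in total.
    for scenario, amount in exposure_table([100, 250, 50, 600]).items():
        print(f"{scenario:42s} {amount:8.1f}")
```

A single key-store breach drains every user address in the first model, while in the second the same class of breach is bounded by the hot-wallet balance and the cold wallet only moves when two independent compartments fall together.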
How users can avoid custodial risks
The trade-off between security and convenience: Although traditional on-chain transaction steps are cumbersome, bypassing these steps to pursue trading opportunities increases risk. Therefore, it is recommended that users adopt custodial services appropriately while fully recognizing the risks, keeping their risk exposure within a manageable range.
Do not trust blindly: Do not easily hand over your address permissions to others or tools. Manage your permissions well in daily use, avoiding suspicious applications or clicking on unknown links.
Learn Web3 anti-fraud knowledge: Understanding common fraud techniques can help investors avoid most potential risks. Bitrace has compiled a Web3 anti-fraud manual aimed at helping ordinary investors enhance their security awareness. You can access it via this link: https://bitrace.io/en/blog
Conclusion
The DEXX incident indicates that while enjoying the conveniences brought by blockchain technology, one must remain vigilant. By understanding the risks of custodial wallets and taking appropriate preventive measures, investors will be better able to protect their digital assets.