I was woken up by a group message early in the morning. Everyone said the sky was falling. The wallets of many group members who played DEXX were emptied. Pump Pump is a relatively conservative investor. Although he also plays on-chain PvP, he buys manually with a familiar wallet. He did not pursue "efficiency" by using tools such as on-chain bots, so he escaped.

DEXX was launched on September 25, 2024, so the platform has been online for less than 2 months. After its launch, it relied on high rebates to acquire customers quickly.

I was recommended this product some time ago. The official website called itself "Binance on the Chain". I took a look at the product and felt that it was overall rough. Compared with Binance, the experience and smoothness were far behind. It seemed more like a product rushed out in a hurry, so I passed on it.

However, there are still many people using it, which shows that under the influence of the meme money-making effect and FOMO sentiment, people will selectively ignore many security issues.

On the other hand, there is still a huge market demand for this type of “one-click” product.

⚠️ DEXX handles the "private key" in some puzzling ways:

1️⃣ It claims to use a "non-custodial wallet", but the user's private key is uploaded for unified custody (and during transmission, is it still in plain text?)

2️⃣ The app frequently requests the system permission to "obtain the user's clipboard content" (if a private key is copied on the phone, it may be collected and uploaded to DEXX's server)

These are things that DEXX has not explained. The only statement it has made so far is that it is cooperating with the law enforcement security team and promises to compensate. The total losses so far are $13 million, and it seems like they won't be able to compensate in the end.

Although DEXX is defined as an exchange, it is not like mainstream exchanges such as Binance, which have "margin reserves" and "SAFU funds" to back them up. If things go wrong, it may end up in a mess. 🤣

💡 How to avoid becoming a “hacker’s golden dog”?

1️⃣ Always remember “Not Your Key, Not Your Coin”

The private key must be in your own hands, otherwise the wealth does not belong to you. If the private key is at risk of being leaked, your wallet balance may already be monitored by hackers, and any funds transferred in may be transferred out immediately. Please abandon this wallet immediately.

2️⃣ Check wallet authorizations and clean up historical authorizations regularly

3️⃣ Try not to use trading software that is of unknown origin and fails security audits

Current security audits may not be reliable, and an audit can only cover the contract part. For an app, the specific implementation is also a "black box" to users.

In the dark forest of the cryptocurrency world, the safest approach is to avoid entering unknown areas and not use trading tools whose details you don’t know. In fact, with the OKX and Binance wallets, you can also purchase on-chain tokens quickly and conveniently.

Finally, I hope that friends who have suffered financial losses can recover their losses, and other friends can learn from it and improve their safety awareness👼