On November 16, 2024, the Dexx platform suffered a major security incident in which a large number of user assets were stolen. According to the Beosin security team's preliminary investigation, the suspected cause is the leakage of centrally held private keys. Since the incident began, the hackers have continued to move user assets out in multi-threaded transfers, stealing a large amount of user assets.
Incident review and hacker behavior analysis
The Beosin security team's analysis found that the earliest transfer appears to have occurred at 2024-11-16 04:47:23 and that the transfers were multi-threaded, which suggests the attack was carried out by a single attacker. Based on the addresses examined so far, the attacker appears to have converted each victim address's balance to a value, sorted the addresses in descending order of value, and transferred the tokens in that order. Verifying this requires obtaining the November 16 price of every transferred token and calculating the values to check whether the transfers follow that rule. If they do, it further strengthens the conclusion that the same attacker is responsible.
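The value-ordering check described above, as an added example that is not Beosin's own tooling: it prices each transfer, totals the value per victim, and scores how closely the drain order follows descending value. All addresses, tokens, amounts and prices are constructed sample data, and the pairwise score is an assumed way to tolerate the interleaving that parallel transfers cause.

```python
from datetime import datetime
from itertools import combinations

# Constructed sample data (not from the incident): UTC time, victim, token, amount.
TRANSFERS = [
    ("2024-11-16 04:47:23", "victim_A", "TOKEN_X", 1_000_000),
    ("2024-11-16 04:47:25", "victim_B", "TOKEN_Y", 2_000),
    ("2024-11-16 04:47:26", "victim_A", "TOKEN_Y", 500),
    ("2024-11-16 04:47:31", "victim_D", "TOKEN_X", 60_000),
    ("2024-11-16 04:47:33", "victim_C", "TOKEN_Y", 800),
    ("2024-11-16 04:47:40", "victim_E", "TOKEN_Z", 10),  # no price available
]
# Constructed USD prices for the day of the incident.
PRICES_USD = {"TOKEN_X": 0.5, "TOKEN_Y": 100.0}


def victim_totals_in_drain_order(transfers, prices):
    """Total USD value per victim, ordered by each victim's first outgoing transfer."""
    rows = sorted(transfers, key=lambda t: datetime.strptime(t[0], "%Y-%m-%d %H:%M:%S"))
    totals = {}  # dict keeps insertion order, i.e. first-drained victim first
    for _, victim, token, amount in rows:
        if token not in prices:
            continue  # unpriced token: exclude it rather than guess a value
        totals[victim] = totals.get(victim, 0.0) + amount * prices[token]
    return list(totals.items())


def descending_concordance(values):
    """Share of (earlier, later) pairs where the earlier value >= the later one.

    1.0 means a fully non-increasing order; about 0.5 means no ordering.
    A pairwise score tolerates the local reordering that parallel
    (multi-threaded) transfers introduce, unlike a strict monotonic check.
    """
    pairs = list(combinations(values, 2))
    if not pairs:
        return None  # fewer than two victims: nothing to compare
    return sum(1 for a, b in pairs if a >= b) / len(pairs)


if __name__ == "__main__":
    totals = victim_totals_in_drain_order(TRANSFERS, PRICES_USD)
    score = descending_concordance([usd for _, usd in totals])
    for victim, usd in totals:
        print(f"{victim}: ${usd:,.0f}")
    print(f"descending concordance: {score:.2f}")
```

A score close to 1.0 across many victims supports the single-attacker, value-sorted hypothesis; tokens without a reliable price for the day are excluded instead of being estimated.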
To further confirm the hacker's whereabouts, Beosin has monitored and analyzed the hacker's address and added all relevant addresses to the Beosin KYT tag library, which allows real-time tracking and analysis of asset flows.
Risks of private key leakage and centralized custody
The key cause of this incident is suspected to be the leakage of private keys held in centralized custody. In the centralized custody model, the user's private key is kept by the platform. This is convenient for transactions and operations, but it also carries high risk: once a private key held by the platform is leaked or obtained by hackers, the security of the user's assets is directly threatened.
The Dexx platform's practice of retaining user private keys clearly poses a great security risk. The Beosin security team pointed out that platforms using the centralized custody model should strengthen privacy management and private key protection measures and avoid unsafe practices such as transmitting private keys in plaintext.
User safety precautions
In view of the current security risks of the Dexx trading platform, Beosin recommends that users who still have assets on the platform transfer their funds to other verified, highly secure non-custodial wallets as soon as possible to avoid further losses. To keep funds safe, users should choose non-custodial wallets with a good security record and ensure that the private key is held only by the user.
The following are specific recommendations for users:
Transfer assets immediately: If your assets are still on the Dexx exchange, transfer them to a secure personal wallet as soon as possible to reduce risk.
Choose a non-custodial wallet: Give priority to wallets that support non-custodial services so that your private keys remain completely in your own hands.
Security verification: Before transferring funds, confirm the security and service record of the target wallet, and try to choose a wallet service that has a good security reputation and has passed multiple audits.
The massive theft of user assets on the Dexx trading platform once again reminds crypto asset holders to choose custody services carefully and to be wary of the risk of platform private key leakage. Although centralized custody is convenient, it carries obvious security risks. Users are advised to use non-custodial wallets as much as possible and keep private keys in their own hands to maximize the security of their assets. Beosin will continue to closely monitor asset transfers from the hacker address and will strive to help users reduce losses and maintain a safe environment in the crypto market.
Users whose information has been stolen can email the relevant information to the address below, and Beosin can help continuously monitor the movement of funds.
service@beosin.com