Recently, the DEXX platform experienced a severe asset theft crisis. As a cross-chain comprehensive trading tool, DEXX supports fast trading, MEV resistance, strategy trading, and other functions, providing hundreds of thousands of users with a very convenient trading experience during the memecoin market surge. However, on November 16, many users discovered that their account assets had been emptied.

The cause lies in DEXX's centralized asset custody model: it resembles the model used by exchanges but lacks a corresponding level of security in its asset management, leaving almost all user assets exposed to risk.

This incident not only revealed DEXX's vulnerabilities in asset management but also provided us with an opportunity to deeply understand the risks of custodial wallets.

The Difference Between Custodial and Self-Custodial Accounts

Custodial Accounts: In traditional finance, centralized financial institutions have complete control over user assets, and users must apply to the institution to withdraw funds. For example, the addresses allocated to users by centralized exchanges are only used for deposits, and users do not have operational authority; all transactions, transfers, and withdrawals must be approved by the platform.

This means that the platform's risk control level will significantly affect the security of user assets.

Self-Custodial Accounts: Self-custodial accounts use decentralized wallet solutions, giving users full control over ownership of their assets. After generating recovery phrases or private keys in a trusted environment, users can transfer the assets held at the address without requiring anyone's permission.

Whether users exclusively hold the private keys or recovery phrases of their addresses is a key distinguishing feature between custodial and self-custodial accounts.

The Difference Between DEXX Theft and Exchange Theft

Account theft from exchanges typically falls into two categories: either control of the user's custodial account on the platform is exposed, leading to illegal asset transfers, or the platform itself is attacked by hackers, who move assets directly out of the hot wallet or even steal cold wallet private keys and recovery phrases.

DEXX employs a similar centralized account structure: users create addresses on the platform, and the platform shares operation permissions for those addresses with them. However, unlike CEXs, DEXX does not aggregate users' custodial funds into several centralized addresses for secure management (such as isolating cold and hot wallets, multi-signature management, etc.), which creates conditions for single points of failure.

How Users Can Avoid Custodial Risks

  • Balancing Security and Convenience: Although traditional on-chain trading processes are cumbersome, bypassing these steps in pursuit of trading opportunities increases risk. Users who choose custodial services should therefore do so fully aware of the risks, and use them only to an extent that keeps their exposure at a manageable level.

  • Do Not Blindly Trust: Do not readily grant permissions over your address to other people or tools. Manage your permissions carefully in daily use, and avoid using suspicious applications or clicking on unknown links.

  • Learn Web3 Anti-Fraud Knowledge: Understanding common fraud techniques can help investors avoid most potential risks. Bitrace has compiled a Web3 anti-fraud handbook aimed at helping ordinary investors raise security awareness; you can access it via this link: https://bitrace.io/en/blog

Conclusion

The DEXX incident indicates that while enjoying the conveniences brought by blockchain technology, one must remain vigilant at all times. By understanding the risks associated with custodial wallets and taking appropriate preventive measures, investors can better protect their digital assets.