Author: BlockBeats

 

On November 16, the user assets of the on-chain trading terminal DEXX were stolen, and multiple meme coins experienced a large-scale crash in the early hours of this morning. The security company has not yet determined the specific amount of the theft, and there are rumors in the community that the current loss of assets has reached more than 16 million US dollars.

DEXX founder Roy said this morning that he would compensate users for their losses. So far, many users have reported that their account assets have been isolated to a safe address.

DEXX security vulnerability

After the DEXX theft, the community began to scrutinize this meme-exclusive trading platform that had been flooded with its commission rebate links, and the KOLs who promoted DEXX were also angered by users.

Yu Xian, founder of the security agency SlowMist, said, "The people whose money was stolen were related to using DEXX to make a dog fight/speculate MEME. The private key belongs to DEXX centralized custody and must have been leaked. As for the way it was leaked, we will investigate and disclose it."

The community found that according to the export_wallet request information in the developer tools, when exporting the DEXX private key, the private key is presented in plain text, which means that the user's private key is actually on the official server. If the communication is not encrypted, the attacker may intercept the user's private key during the transmission process. Even if HTTPS is used for transmission, direct transmission of the private key may lead to privacy data leakage due to browser vulnerabilities or other security issues.

Therefore, some users jokingly said that "DEXX redefines non-custodial wallets."

In addition, the wallet application OneKey stated that DEXX has repeatedly requested permission to "upload user clipboard contents" and may have uploaded the user's clipboard contents, saying "If you have copied the private key mnemonics on your phone, transfer your assets as soon as possible."

DEXX's audit was completed by Certik, and the audit report it gave showed that DEXX scored 59.31 points. This failing score means as many as 9 risks. Among them, the main risk of "centralization" has not been resolved; two of the four medium risks have been resolved and two have not been resolved, including "vulnerable code"; and there are four minor risks, only one of which has been resolved.

Some users said that DEXX and various trading bots are all naked in terms of security. The project owners, without exception, have the same mentality: "Users don't understand or care anyway. There are also lucky peers who do the same thing but haven't been stolen. If I care, I will have to pay a lot of R&D costs and user experience costs, so I don't need to care."

Considering that BananaGun and Unibot have previously faced theft risks, the rule for on-chain transactions is still “Not Your Keys, Not Your Money”.

Latest News and Investigation Progress

11-16 14:12

According to GoPlus security monitoring, phishing scams related to rights protection and compensation, such as "rights protection community", "DEXX stolen registration", and "DEXX compensation" have been found specifically for DEXX stolen users. Users should be careful to identify and never upload private keys/mnemonics or connect to wallets for confirmation to avoid secondary damage.

11-16 14:02

Yu Xian, the founder of SlowMist, released an update on the DEXX incident on social media, saying that SlowMist has received nearly 500 requests for information related to the theft of DEXX. The incident analysis is still in progress. The preliminary judgment is that the loss is in the tens of millions of dollars (because the prices of some Meme coins fluctuate too much). The attacker's address corresponding to almost every victim is different, which shows that the attacker of this incident had planned for a long time. The source of the gas was exchanged through XMR 3 days ago.

11-16 13:27

Blockchain security audit company CertiK issued a statement saying that it has recently received a large number of requests for help from DEXX platform users, who reported that their account assets were cleared. CertiK verified and confirmed that the security incident occurred on the Solana chain, but the chain is not within the scope of CertiK's audit coverage.

CertiK stated that the main cause of the incident was improper private key management on the DEXX platform, which led to the leakage of the official private key.

11-16 12:30

Yu Xian, the founder of SlowMist, responded on social media to the screenshots that circulated online that "DEXX users have had a total of 488 million US dollars stolen", saying that the hacker address corresponding to each victim in the DEXX case is different, and the stolen funds will not be concentrated in one address.

meme price update

11-16 08:56

According to GMGN market data, BAN, LUCE, PNUT and other memes have fallen to varying degrees, possibly due to the theft of DEXX. Among them:

BAN has fallen by about 30% since the incident and is currently priced at $0.126

LUCE has fallen by about 20% since the incident and is currently priced at $0.211

PNUT has fallen by as much as 12.5% ​​since the incident and is currently trading at $1.72