On November 16, user assets held on the on-chain trading terminal DEXX were stolen, sending immediate shockwaves through the crypto market. DEXX is a platform dedicated to memecoin trading that supports assets on multiple blockchains. The news of the theft landed like a depth charge, exposing major flaws hidden in its security mechanism.

DEXX security breach

According to Yu Xian, the founder of the security agency SlowMist, the theft was tied to users who traded memecoins through DEXX: their private keys were centrally managed by DEXX, which put them at risk of leakage. SlowMist's investigation showed that when DEXX exported private keys, they were stored in plain text on the official server, which meant that any attacker could intercept these private keys during data transmission, leading to the loss of assets.
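An added example, not code from DEXX, SlowMist or CertiK: a defender-side audit check that scans server-side JSON records for values shaped like raw private keys, the condition described above. The record layout, the field names and the two key encodings (32-byte hex, 64-byte base58) are assumptions; transaction hashes and signatures share these shapes, so the field name decides the severity.

```python
import json
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HEX32 = re.compile(r"(?:0x)?[0-9a-fA-F]{64}")          # assumed: 32-byte key as hex
SENSITIVE = re.compile(r"priv|secret|seed|mnemonic", re.I)  # assumed field-name hints

def b58_len(s):
    """Decoded byte length of a base58 string, or None if s is not base58."""
    if not s or any(c not in B58 for c in s):
        return None
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    return len(s) - len(s.lstrip("1")) + (n.bit_length() + 7) // 8

def key_shape(value):
    """Name the raw-key encoding a string has the shape of, else None."""
    if HEX32.fullmatch(value):
        return "hex-32-byte"
    return "base58-64-byte" if b58_len(value) == 64 else None  # assumed: 64-byte keypair

def walk(node, path=""):
    """Yield (dotted_path, string_value) for every string in a JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def scan(lines):
    """Return (line_no, path, shape, level) for each key-shaped value found."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for path, value in walk(json.loads(line)):
            shape = key_shape(value)
            if shape:
                # A key-like field name makes it urgent; shape alone needs review.
                level = "high" if SENSITIVE.search(path) else "review"
                findings.append((line_no, path, shape, level))
    return findings

SAMPLE = [  # constructed records with dummy values, not real keys or DEXX data
    json.dumps({"event": "export_wallet", "user": "u-1001", "private_key": "0x" + "ab" * 32}),
    json.dumps({"event": "swap", "tx": {"hash": "cd" * 32}}),
    json.dumps({"event": "export_wallet", "wallets": [{"secretKey": "z" * 87}]}),
]
```

Calling `scan(SAMPLE)` reports both exported keys as `high` and the transaction hash as `review`.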

DEXX's audit report was provided by CertiK, with a score of only 59.31 points, indicating serious security risks.

[Figure 1. Image source: CertiK]

Generally, audit reports divide risks into several levels: fatal, major, moderate, mild, and information-based. DEXX's audit report clearly states that there are four moderate issues classed as "vulnerable code", two of which are unresolved, which may have been a "foreshadowing" of the hacker attack on DEXX.

DEXX latest situation tracking

Amount loss tracking

After the incident on November 16, a large number of users reported that the assets in their accounts had been emptied. Right after the incident, SlowMist founder Yu Xian initially estimated that the losses had reached tens of millions of dollars. Community rumors said that the lost assets may be as high as 16.79 million US dollars, and many of the stolen memecoins were sold in large amounts, causing their prices to fall within a short period. According to AICoin data, BAN coins fell by more than 25% within 45 minutes after the incident.

[Figure 2. Image source: AICoin]

According to the latest statistics from Cosine, the total loss is currently close to 20 million US dollars.

[Figure 3. Image source: X]

Founder’s response and official actions

DEXX founder Roy responded to the incident, saying that he would compensate users for their losses and was coordinating with law enforcement agencies in multiple locations to conduct investigations. At the same time, DEXX officials released a statement on social media platforms saying that they had cooperated with multiple security agencies to try to track down hacker information and were applying to mark the hacker's wallet address through legal channels.

The latest news is that, to put further pressure on the hacker, DEXX has issued an ultimatum requiring him to return the stolen funds within 24 hours, failing which legal action will be taken. DEXX promised that if the funds are returned, it will provide a bug bounty and destroy all information about the hacker.

[Figure 4. Image source: X]

Security Tips: Protect Your Digital Assets

This incident once again underscores how important asset security is for users of blockchain trading platforms. Here are some security recommendations from AICoin to help users protect their digital assets:

Choose a decentralized wallet: Avoid using wallets that store private keys on servers and choose decentralized wallets that do not host private keys.
Update security settings regularly: Make sure you use the latest security protocols and software versions to prevent exploitation of known vulnerabilities.
Be cautious about unknown links and apps: On social media and in groups, do not click on unfamiliar links and be wary of possible phishing attacks.
Diversify your investments: Avoid concentrating a large amount of assets on one platform or wallet. Diversifying your investments can reduce risks.
Use security tools: Leverage tools such as multi-signature and hardware wallets to increase security.

The DEXX theft is a warning to its users and the entire industry. With the rapid development of blockchain technology, its security issues have become increasingly important, and both users and platforms should strengthen the identification and prevention of potential risks.