The Dexx hacking incident was like an earthquake that shocked the web3 industry, causing unprecedented impact across the web3 and DeFi fields. This incident not only exposed deep vulnerabilities in the technical architecture of ordinary decentralized exchanges (DEX) but also triggered a crisis of trust and rethinking in decentralized finance - users suffered heavy losses, the industry's reputation was damaged, and some began to question whether the safe, efficient, and fair financial vision advocated by DeFi could truly be realized.

However, crises are often opportunities for deepening understanding and transformation. From technology to governance, from theory to practice, this incident provides us with an opportunity to re-examine DeFi. We will analyze the Dexx hacking incident in depth based on the event itself, combining event analysis, theoretical research, and predictions of future technological trends, and explore how products and security solutions represented by Hibit can promote DeFi towards true maturity.

One, Review of the Dexx Hacking Incident

1.1 Core details of the Dexx incident

According to public information, Dexx suffered losses of up to $40 million from the attack, a figure that is still rising, with thousands of users affected. An official statement issued at 4 AM on November 16, 2024 warned that user tokens were being transferred out, and several professional auditing teams began analysis and investigation. At 6:40 PM the same day, DEXX issued a statement: 1. the team has contacted law enforcement agencies in multiple jurisdictions to file cases; 2. it hopes to communicate with the hacker; 3. the SlowMist team has been engaged to assess and investigate all affected user funds and to trace the flow of the hacker's funds; 4. follow-up solutions for users are under discussion. A complete solution has yet to be reached. Based on the Hibit team's analysis, the attack primarily exploited the following types of vulnerabilities:

(1) Smart contract vulnerabilities: reentrancy attacks

Hackers repeatedly extracted funds through a reentrancy vulnerability in the smart contract of the Dexx liquidity pool. Reentrancy is a common class of smart contract vulnerability: when a contract makes an external call before it has updated its internal state, the called party can call back into the same function and withdraw assets again and again against a balance that has not yet been debited. This issue typically arises from a lack of formal verification and auditing during code development.
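As an added example (not code from the article, Dexx or Hibit), the following Python model shows the reentrancy pattern described above: a vault pays out through an external callback, the vulnerable variant debits the ledger only after the call, and the hardened variant follows checks-effects-interactions and adds a reentrancy guard. The vault, depositors and amounts are constructed for illustration.

```python
class Vault:
    """Toy pool ledger. `on_payout(vault, amount)` stands in for the external
    call a contract makes when it sends funds to a contract-controlled address."""

    def __init__(self, deposits, update_state_first):
        self.balances = dict(deposits)            # depositor -> credited amount
        self.reserve = sum(deposits.values())     # pooled funds actually held
        self.update_state_first = update_state_first
        self._locked = False                      # reentrancy guard (hardened path)

    def withdraw(self, who, on_payout):
        if self._locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.reserve:
            return 0
        if self.update_state_first:
            # Hardened: effects before interactions, plus a mutex around the call.
            self.balances[who] = 0
            self.reserve -= amount
            self._locked = True
            try:
                on_payout(self, amount)
            finally:
                self._locked = False
        else:
            # Vulnerable: the external call runs while balances[who] is still credited.
            self.reserve -= amount
            on_payout(self, amount)
            self.balances[who] = 0
        return amount


def run_attack(update_state_first):
    """Constructed scenario: a 10-unit depositor re-enters during payout.
    Returns (amount paid to the re-entering depositor, reserve left in the pool)."""
    vault = Vault({"alice": 90, "mallory": 10}, update_state_first)
    received = [0]

    def reenter(v, amount):
        received[0] += amount
        if v.reserve >= amount:               # call back in while the first call is live
            try:
                v.withdraw("mallory", reenter)
            except RuntimeError:
                pass                          # hardened vault refuses the nested call

    vault.withdraw("mallory", reenter)
    return received[0], vault.reserve
```

With the vulnerable ordering the 10-unit depositor drains the whole 100-unit pool; with state updated first the nested call is refused and only the credited 10 units leave.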

(2) Centralized key management systems being compromised

Although Dexx claims to be a fully decentralized platform, its key operations (such as minting and withdrawals) still rely on centralized servers for permission management, and Dexx's actual wallet operations run on custodial wallets with serious security weaknesses. Dexx is therefore not a truly decentralized DEX, and its security is tightly bound to those servers, which became the hackers' main targets. Once the servers were breached, the attackers gained control over the platform's core functions and users' private keys.

(3) Lack of transaction verification mechanisms and anti-money laundering (AML) systems

Dexx's transaction verification mechanism failed to detect abnormally large withdrawals and high-frequency transaction behavior in time. Without real-time monitoring and big data analysis tools, the platform could not stop the outflow of funds promptly once the hackers began acting. The hackers then used privacy-enhancing techniques (such as mixing services) to move the funds out quickly, exposing Dexx's deficiencies in anti-money laundering controls and transaction tracing.

1.2 User losses and market impact

Thousands of users suffered direct losses, even losing all their investment assets. The aftermath of the incident led to a sharp decline in liquidity on the Dexx platform, severely impacting the confidence of the entire DeFi market. According to statistics from the Hibit team, the average daily trading volume across the industry DEX decreased by 15% after this incident, and user activity also dropped by 20%.

This series of consequences indicates that security issues are not only technical challenges but also the bottom line of user trust. A single security vulnerability can cause the trust accumulated by a platform over many years to collapse in an instant.

Two, Theoretical Analysis: The Essence and Risks of Decentralized Finance

2.1 Theoretical foundation of decentralized economics

(1) Transaction cost economics: the efficiency paradox of decentralization

One of the theoretical foundations of decentralized finance (DeFi) is Transaction Cost Economics (Coase, 1937). Coase proposed that transaction costs could be significantly reduced by minimizing intermediary steps. However, in the practice of DeFi, we see an 'efficiency paradox': although intermediaries have been removed, new risks and costs have emerged.

For instance, the Dexx hacking incident exposed vulnerabilities in smart contracts, making this technical risk a new form of transaction cost. Users of DeFi platforms must bear the uncertainties brought by hacker attacks, smart contract errors, and governance failures. According to a study in 2023 (Xu et al., Journal of Blockchain Research), the average transaction risk cost for DeFi is 30%-50% higher than that of traditional finance, which is directly related to the complexity of smart contracts and the fragility of decentralized architectures.

(2) Imbalance between capital returns and risk transfer

From the perspective of Modern Portfolio Theory (Markowitz, 1952), the ideal state of decentralized finance is to improve capital allocation efficiency through diversification and intermediary-free transactions. However, the Dexx hacking incident revealed an imbalance between capital returns and risk distribution. DeFi platforms often rely on liquidity providers (LPs) to fund their pools, and once a platform is attacked the losses fall on ordinary users rather than on the platform or technology providers. A 2024 study (Zhang et al., DeFi Risk Assessment) indicated that user losses account for over 80% of total losses from hacker attacks on DeFi platforms, a proportion that is considerably lower in traditional financial systems. This risk transfer mechanism poses a significant challenge to the risk diversification logic of DeFi platforms.

2.2 Analysis of computer and security architecture

(1) Smart contract vulnerabilities: theory and practice

Smart contracts are at the core of DeFi, but their code design vulnerabilities lead to frequent security incidents. In 2024, a study published by Liu et al. in ACM Computing Surveys summarized common types of smart contract vulnerabilities, especially reentrancy attacks (such as those encountered by Dexx). The study pointed out that over 45% of DeFi security incidents are attributed to code vulnerabilities in smart contracts, mainly due to the lack of formal verification tools and dynamic monitoring mechanisms within development teams.

- Formal Verification: Using mathematical models to verify that a smart contract satisfies a formal specification can significantly reduce code defects. Luu et al. (2016) noted in Ethereum's Future that formal verification is crucial for the security of complex smart contracts. However, currently less than 20% of DeFi platforms use this technology, leaving many platforms reliant on traditional code audits that cannot cope with highly complex attacks.

- Dynamic defense mechanisms: For example, time locks and transaction caps are effective means to respond to large abnormal transactions. However, in Dexx, these mechanisms were completely missing, allowing attackers to rapidly extract large amounts of funds in a short period.
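The two controls named above, a transaction cap and a time lock, as an added example in Python (not Hibit's or any project's code). The rolling window, cap, threshold and delay values are constructed for illustration: withdrawals below the threshold are paid only while the per-address rolling cap holds, anything above it is queued behind a delay and can be cancelled before release.

```python
from collections import deque


class WithdrawalPolicy:
    def __init__(self, window_s, window_cap, timelock_threshold, timelock_delay_s):
        self.window_s = window_s
        self.window_cap = window_cap                  # max paid per address per window
        self.timelock_threshold = timelock_threshold  # single amounts above this are delayed
        self.timelock_delay_s = timelock_delay_s
        self.history = {}                             # addr -> deque of (ts, amount) paid
        self.pending = []                             # (release_ts, addr, amount)

    def _paid_in_window(self, addr, now):
        q = self.history.setdefault(addr, deque())
        while q and q[0][0] <= now - self.window_s:   # drop entries outside the window
            q.popleft()
        return sum(a for _, a in q)

    def request(self, addr, amount, now):
        """Return 'paid', 'queued' or 'rejected' for a withdrawal requested at `now`."""
        if amount > self.timelock_threshold:
            # Large: hold it in a visible queue until the lock expires instead of paying.
            self.pending.append((now + self.timelock_delay_s, addr, amount))
            return "queued"
        if self._paid_in_window(addr, now) + amount > self.window_cap:
            return "rejected"                         # would exceed the rolling cap
        self.history[addr].append((now, amount))
        return "paid"

    def release_due(self, now):
        """Pay out queued withdrawals whose lock has expired; returns [(addr, amount)]."""
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for _, addr, amount in due:
            self.history.setdefault(addr, deque()).append((now, amount))
        return [(addr, amount) for _, addr, amount in due]

    def cancel_pending(self, addr):
        """Emergency control: drop an address's queued withdrawals (e.g. after an alert)."""
        before = len(self.pending)
        self.pending = [p for p in self.pending if p[1] != addr]
        return before - len(self.pending)
```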

(2) Decentralization and innovation of key management

Dexx's centralized key management is the core vulnerability of this incident. In contrast, threshold cryptography provides a more secure solution for decentralized key management: this method allows the key to be split into multiple parts, held by multiple nodes, and verified collaboratively. Even if one node is compromised, the key remains secure. In 2023, joint research by IBM and Hyperledger indicated that decentralized systems using threshold cryptography reduced the risk of single points of failure by over 70%.

(3) Anti-phishing and social engineering authentication technologies

Despite ongoing upgrades to technical security defenses, social engineering attacks remain one of the main threats to DeFi. Research indicates that about 40% of hacking incidents involve phishing. Anti-phishing authentication technologies such as the FIDO2 standard and behavioral analysis AI can significantly reduce the risk caused by user operational errors. For example, FIDO2 provides passwordless multi-factor authentication through biometrics and hardware security keys. In 2024, Crypto.com fully integrated the FIDO2 standard into its wallet, reducing account theft incidents by 65%.

2.3 Governance theory and trust mechanisms in DeFi platforms

(1) Dynamic governance and decentralized autonomy

The Dexx incident reflects serious flaws at the governance level. Despite claiming to be decentralized, the actual decision-making mechanism of the platform is highly centralized and failed to respond quickly when the incident broke out. This phenomenon of 'pseudo-decentralization' is not uncommon in the DeFi industry. DAOs provide a powerful solution. By allowing token holders to vote on decisions, DAOs not only enhance transparency but also create space for users to participate in platform governance. For example, the governance model adopted by MakerDAO successfully avoided multiple major risks, proving the feasibility of decentralized governance.

(2) Digital trust and economic interpretation

Trust is the cornerstone of DeFi. From the perspective of economics, trust is an 'intangible asset,' but its value can be made explicit through mechanism design. In DeFi platforms, trust typically relies on the collaboration of technology (such as smart contracts) and governance (such as DAOs). However, Dexx's governance failure led to a dual destruction of user trust in both technology and the platform. Research in Trust in Blockchain Ecosystems shows that transparency and security are the two pillars upon which DeFi platforms build trust. When a platform provides real-time audits, open-source code, and dynamic governance capabilities, user trust is 35%-50% higher than that of platforms lacking these features.

Three, Solutions represented by Hibit: dual guarantees of technology and governance

3.1 Core innovations of Hibit

(1) Layer-2 security and scalability

Hibit has built over 100,000 lines of custom Layer-2 infrastructure specifically designed to enhance security and scalability. Its smart contracts have undergone rigorous formal verification and include dynamic defense mechanisms (such as time locks and transaction limits), effectively preventing vulnerabilities similar to reentrancy attacks.

(2) Non-custodial wallets and decentralized identity

Hibit provides non-custodial wallets (Hibit ID), eliminating risks of single points of failure and private key leakage. Additionally, the platform ensures user identity and asset security through decentralized identity (DID) technology.

(3) Compensation plan for affected users

In the aftermath of the Dexx incident, Hibit proactively launched an airdrop compensation plan for affected users. This not only helps users mitigate their losses but also helps the entire industry find a true technical benchmark for rebuilding industry confidence.

(4) Integration of real-time AI monitoring systems

Hibit ensures the transparency and compliance of capital flows through real-time transaction monitoring and privacy-enhancing AI tools, without compromising user privacy rights.

Four, Future Outlook

4.1 The 'art of balancing' between decentralization and security

The future of decentralized finance lies in how to balance the inherent tension between decentralization and security. On one hand, decentralization is the core value of DeFi, enhancing transparency and efficiency by removing traditional intermediaries; on the other hand, complete decentralization often means a lack of central coordination mechanisms, which can lead to increased technical complexity and governance failures. This contradiction creates a 'decentralization paradox' in practice:

- Excessive decentralization leaves the platform relying entirely on community decision-making and autonomy, resulting in slow response times and difficulty fixing vulnerabilities in time when under attack.

- Excessive centralization introduces centralized components to simplify technology and management, losing the essence of decentralization and increasing the risk of single points of failure.

In the future, DeFi platforms need a 'progressive decentralization' strategy that finds the best balance between the two through collaborative innovation in technology and governance.

(1) Promotion of distributed verification

Distributed verification mechanisms are an effective technical path: by allocating transaction verification to multiple nodes or network members, they reduce the possibility of single points of failure. For example, a traditional cross-chain bridge can introduce threshold cryptography so that no single node controls the entire verification process, with cross-chain transfers authorized by a threshold signature rather than a single key.

(2) Introduction of smart contract insurance

Smart Contract Insurance is a defensive financial tool against smart contract vulnerabilities and external attacks. Platforms can introduce decentralized insurance mechanisms similar to Nexus Mutual to protect user funds. This type of insurance is realized through distributed reserves and on-chain underwriting, enhancing the system's stability while protecting user funds.

(3) Design of dynamic governance models

Innovation in governance models is crucial for balancing decentralization and security. Dynamic Governance is an adjustable governance approach: when the system is operating normally, the platform adopts a decentralized autonomous organization (DAO) model for transparent decision-making; when encountering emergencies, the system triggers an emergency mechanism to temporarily concentrate authority in trusted nodes, allowing for a rapid response to crises. This dual-track mechanism not only enhances the flexibility of the platform but also strengthens security without sacrificing the value of decentralization.

4.2 Risk management and user trust

The Dexx incident highlights the fragility of user trust in DeFi. Trust is the cornerstone of decentralized finance but is also the most easily damaged part. Once user assets suffer losses, the cost of rebuilding trust far exceeds the initial investment required to build that trust. Therefore, future DeFi platforms must elevate risk management and user protection to a strategic core and optimize across technology, governance, and ecology.

(1) Technological innovation: reducing systemic risk

Technology is the first line of defense in managing risk and the real security core embedded in products. The following are the key research directions the industry needs to focus on in the future, and on which Hibit has conducted in-depth research:

- Formal verification of smart contracts

According to data from the Blockchain Research Institute, as of 2024 over 70% of DeFi vulnerabilities could have been avoided with formal verification tools, yet the current adoption rate is only 25%. Popularizing and improving formal verification tools will be an important task for DeFi platforms in the future.

- Threshold Cryptography

Dexx's centralized key management is one of the root causes of its vulnerabilities. By adopting decentralized key management mechanisms, platforms can significantly reduce the risk of single-point attacks by hackers and secure their cross-chain operations.

- On-chain risk warning systems

By integrating AI and blockchain analysis technologies, a real-time on-chain risk monitoring system can be established. For example, the Chainalysis KYT (Know Your Transaction) tool launched in 2023 can detect abnormal transactions in real time, giving platforms early warning of 90% of potential risks. The Hibit team has further developed and upgraded such tools.
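The real-time monitoring that section 1.3 found missing at Dexx and that this section describes, as an added example (not Chainalysis KYT or Hibit code): three simple rules, a large single withdrawal, too many withdrawals from one address in a window, and too much total outflow per address in a window, run over a constructed list of withdrawal events. Thresholds and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (unix_ts, address, amount_usd) withdrawal events.
SAMPLE_EVENTS = [
    (1000, "0xaaa", 120.0),
    (1010, "0xbbb", 250000.0),      # one very large withdrawal
    (1020, "0xccc", 900.0),         # burst of five withdrawals in five seconds
    (1021, "0xccc", 900.0),
    (1022, "0xccc", 900.0),
    (1023, "0xccc", 900.0),
    (1024, "0xccc", 900.0),
    (1300, "0xaaa", 60.0),
]


class OutflowMonitor:
    def __init__(self, large_amount, window_s, max_per_window, max_total_per_window):
        self.large_amount = large_amount
        self.window_s = window_s
        self.max_per_window = max_per_window
        self.max_total_per_window = max_total_per_window
        self.recent = defaultdict(deque)      # address -> deque of (ts, amount)

    def ingest(self, ts, address, amount):
        """Process one event in arrival order; return the alert codes it raises."""
        alerts = []
        q = self.recent[address]
        while q and q[0][0] <= ts - self.window_s:   # slide the window forward
            q.popleft()
        q.append((ts, amount))
        if amount >= self.large_amount:
            alerts.append("LARGE_WITHDRAWAL")
        if len(q) > self.max_per_window:
            alerts.append("HIGH_FREQUENCY")
        if sum(a for _, a in q) > self.max_total_per_window:
            alerts.append("WINDOW_OUTFLOW")
        return alerts


def scan(events, monitor):
    """Feed events through the monitor; return {address: [distinct alert codes]}."""
    flagged = defaultdict(list)
    for ts, addr, amount in events:
        for code in monitor.ingest(ts, addr, amount):
            if code not in flagged[addr]:
                flagged[addr].append(code)
    return dict(flagged)
```

An alert from `scan` is the point at which a platform would pause the address or route the withdrawal through the time-lock queue rather than letting funds leave.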

(2) Governance innovation: establishing a trust ecosystem

The rise of DAOs brings great potential for governance in DeFi platforms, but current practices exhibit inefficiencies and power dispersion. By optimizing the governance structure of DAOs, the platform's ability to maintain user trust can be enhanced:

- Multi-level governance: dividing users, developers, and institutional investors into different governance tiers and assigning different voting weights to each group. This design not only improves governance efficiency but also better balances the interests of all parties.

- Transparency tools for decentralized governance: For example, tools like Snapshot can provide voting transparency, allowing users to clearly see the participation and support rates of each decision, further ensuring true decentralization.

(3) User protection mechanisms: enhancing the trust foundation

Improving user protection mechanisms is crucial for rebuilding trust. Here are several feasible measures:

- On-chain insurance and capital reserves

Decentralized on-chain insurance mechanisms (such as InsurAce) can provide compensation to users in the event of a hacker attack or smart contract vulnerability. At the same time, the platform should establish sufficient capital reserve mechanisms to cope with potential systemic risks.

- Victim compensation fund

In response to major incidents such as the Dexx hacking attack, platforms can establish dedicated compensation funds to protect user interests. Similar to the full compensation plan launched by Hibit, such measures not only effectively safeguard user trust but also demonstrate the platform's sense of social responsibility.

Conclusion

Although the Dexx hacking incident was a disaster, it also pointed the way for the future development of DeFi. From technological improvements to governance innovations, from user protection to industry standards, every step forward in DeFi requires deeper thinking and more systematic practices. Platforms represented by Hibit are leading DeFi towards a safer and more trustworthy new era with advanced technology and true decentralization.

If DeFi is an 'industrial revolution' in the financial world, then the Dexx incident is a major security accident and a wake-up call. In the future, we need not only true 'decentralization' but also more robust technology and wiser governance to achieve this ideal. May we and the industry's builders work together to build this ideal and this future.

#DeFiSecurity #HackerAttack