Yuxian: More than 1,000 victims have submitted DEXX theft form information to Slow Mist.

According to BlockBeats news, on November 25, the founder of Slow Mist, Yuxian, stated on social media that "more than 1,000 victims have directly submitted DEXX theft form information to us, and many others have contacted our security team through various channels. The losses vary in size, and rough statistical data has been disclosed previously. However, many have not been submitted. We are continuously conducting various complex cross-analysis with DEXX officials and partners to avoid false positives while hoping to collect comprehensive data, which is a complex task.

Why is this analysis work so complicated? Because attackers assigned almost a unique wallet address for receiving funds to each victim. There is almost no overlap of funds among these thousands (or even more), and they are mostly independent addresses, with EVMs (covering ETH/BSC/Base chains), as well as Solana; it is currently uncertain whether there are any Tron addresses, all of which are chains supported by DEXX platforms.

The cases of false positives fall into three main types:

1. Malicious or accidental erroneous submissions.

2. When attackers are stealing coins in bulk (as can be seen from on-chain behavior, a very rough theft script was written), due to the rough script strategy, many thefts were not completely executed in the first instance, and several victims recovered some remaining assets (varying in amount). At this point, it becomes mixed which addresses belong to attackers and which belong to victims. This also brings a lot of trouble to the analysis work.

3. Attackers maliciously polluted several victim addresses (some victims actively contacted us to request exclusions).

We know everyone is anxious. In addition to the DEXX officials reporting to the police, several victims have also reported to the police. As a security company, Slow Mist has an obligation to cooperate with law enforcement, and the contents of law enforcement actions will not be disclosed without authorization. This must be understood. By the way, a special reminder: keep an eye on the corresponding attacker wallet addresses, and if there are any changes, please speak up more.