According to PANews, the DEXX platform recently experienced a significant asset theft crisis. As a multi-chain integrated trading tool, DEXX offers features such as quick trading, MEV resistance, and strategic trading, providing a convenient trading experience for hundreds of thousands of users amid the memecoin market surge. However, on November 16, many users discovered their account assets had been wiped out.
The issue stemmed from DEXX's centralized asset custody model, which resembles that of exchanges but was not backed by asset management solutions of a corresponding security level. This architecture exposed nearly all user assets to risk. The incident not only highlighted DEXX's vulnerabilities in asset management but also provided an opportunity to understand the risks associated with custodial wallets.
Custodial accounts in traditional finance give centralized institutions full control over user assets, requiring users to request withdrawals. For example, addresses assigned by centralized exchanges are only for deposits, and users lack operational control, with all transactions needing platform approval. This means the platform's risk control level significantly impacts asset security.
In contrast, self-custodial accounts use decentralized wallet solutions, allowing users full ownership of their assets. Users generate mnemonic phrases or private keys in a trusted environment and can then transfer assets without needing anyone else's permission. The key distinction between custodial and self-custodial accounts is whether users exclusively control the private key or mnemonic phrase.
The DEXX theft differs from typical exchange thefts, which usually involve either exposure of control over a user's account or direct hacking of the platform, leading to asset transfers from hot wallets or theft of cold wallet keys. DEXX's centralized account structure allows users to create addresses and share operational permissions with the platform, but unlike centralized exchanges, it does not consolidate user funds into addresses protected by measures such as cold-hot wallet segregation or multi-signature management, creating conditions for a single point of failure.
To mitigate custodial risks, users should balance security and convenience. While traditional on-chain transactions are cumbersome, bypassing these steps for trading opportunities increases risk. Users are advised to use custodial services with a clear understanding of risks, limiting exposure to manageable levels. Users should not blindly trust others with address permissions and should manage their permissions carefully, avoiding suspicious applications or links.
Learning Web3 anti-fraud knowledge can help investors avoid potential risks. Bitrace has developed a Web3 anti-fraud manual to help ordinary investors enhance security awareness. The DEXX incident underscores the need for vigilance when enjoying blockchain technology's benefits. By understanding custodial wallet risks and taking preventive measures, investors can better protect their digital assets.