The Dexx hacking incident was like an earthquake that shocked the web3 industry, causing an unprecedented impact on the entire web3 and DeFi field. This incident not only exposed the deep vulnerabilities of the technical architecture of ordinary decentralized exchanges (DEX), but also triggered a crisis of trust and rethinking in decentralized finance - users suffered heavy losses, the industry's reputation was damaged, and even some people began to question whether the financial vision of security, efficiency, and fairness advocated by DeFi can be truly realized.
However, crises are often opportunities for deepening cognition and change. From technology to governance, from theory to practice, this incident provides us with an opportunity to re-examine DeFi. Starting from the incident itself, we will conduct an in-depth analysis of the Dexx hacking incident, combining event analysis, theoretical research, and predictions of future technological trends, and explore how products and security solutions represented by Hibit can promote DeFi to true maturity.
1. Review of the Dexx hacking incident
1.1 Core details of the Dexx incident
According to public information, Dexx lost up to 40 million US dollars in the attack, and the figure is still growing; thousands of users suffered losses. At 4 am on November 16, 2024, the platform issued a warning that user tokens had been transferred out and that several professional audit teams had begun analysis and investigation. At 18:40 the same day, DEXX issued a further statement: (1) the team had contacted law enforcement agencies in several jurisdictions to file cases; (2) it hoped to open communication with the hackers; (3) the SlowMist team had been engaged to tally all affected user funds and trace the flow of the hackers' funds; (4) follow-up remedies for users were under discussion, with no complete solution yet available. After analysis by the Hibit team, this attack focused on the following types of vulnerabilities:
(1) Smart contract vulnerability: reentrancy attack
Hackers repeatedly extracted funds through a "reentrancy vulnerability" in the smart contract of the Dexx liquidity pool. Reentrancy is a common smart contract vulnerability: when a contract makes an external call before updating its internal state, the called party can re-enter the same function while the original call is still in flight and withdraw the same balance again and again. This problem usually stems from a lack of formal verification and auditing during the code development stage.
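The ordering problem described above, as an added example that is not Dexx's code or from the original article: a toy vault in Python that mirrors the Solidity pattern "external call first, balance update second" next to the checks-effects-interactions order, driven by a re-entering receiver used as a regression test. All names (`Vault`, `Receiver`, `run_probe`) and the amounts are constructed for the illustration.

```python
"""Simulated reentrancy check for a withdraw() routine.

Constructed example (not Dexx or Hibit code).  A correct withdraw() must
never pay a caller more than that caller deposited, no matter what the
receiver's fallback hook does; the probe below checks exactly that.
"""


class InsufficientBalance(Exception):
    pass


class Vault:
    def __init__(self, safe: bool):
        self.safe = safe          # True = checks-effects-interactions order
        self.balances = {}        # account -> credited amount
        self.reserve = 0          # total funds the vault actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.reserve += amount

    def withdraw(self, receiver):
        amount = self.balances.get(receiver.name, 0)
        if amount == 0:
            raise InsufficientBalance(receiver.name)
        if self.safe:
            # Effects first: zero the balance before any external call,
            # so a re-entrant call sees an empty balance and fails.
            self.balances[receiver.name] = 0
            self._send(receiver, amount)
        else:
            # Vulnerable order: external call before the state update.
            self._send(receiver, amount)
            self.balances[receiver.name] = 0

    def _send(self, receiver, amount):
        # Models the value transfer plus the receiver's fallback hook.
        if amount > self.reserve:
            raise InsufficientBalance("vault drained")
        self.reserve -= amount
        receiver.received += amount
        receiver.on_receive(self)


class Receiver:
    """Test receiver whose hook re-enters withdraw() a bounded number of times."""

    def __init__(self, name, reenter_limit=0):
        self.name = name
        self.received = 0
        self.reenter_limit = reenter_limit
        self._depth = 0

    def on_receive(self, vault):
        if self._depth < self.reenter_limit:
            self._depth += 1
            try:
                vault.withdraw(self)
            except InsufficientBalance:
                pass   # the hardened vault rejects the nested call


def run_probe(safe: bool) -> dict:
    """Deposit 90 for an honest user and 10 for the probe, then let the probe withdraw."""
    vault = Vault(safe=safe)
    vault.deposit("honest_user", 90)
    probe = Receiver("probe", reenter_limit=3)
    vault.deposit(probe.name, 10)
    vault.withdraw(probe)
    return {
        "paid_out": probe.received,
        "reserve_left": vault.reserve,
        "honest_user_covered": vault.reserve >= vault.balances["honest_user"],
    }
```

With the vulnerable ordering the probe is paid four times its deposit and the honest user's balance is no longer backed by the reserve; with the effects-first ordering the nested call fails and the payout equals the deposit. The same probe is the kind of test a formal or dynamic check would encode as an invariant: reserve must always cover the sum of credited balances.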
(2) The centralized key management system is breached
Although Dexx claims to be a fully decentralized platform, the permission management of its key operations (such as token minting and withdrawal) still relies on centralized servers, and Dexx's wallet is in practice a custodial wallet, which carries serious security weaknesses. Dexx is therefore not a truly decentralized DEX, and this is precisely where its security failed: these servers became the hackers' main target. Once a server is compromised, the attacker gains control of the platform's core functions and of users' private keys.
(3) Lack of transaction verification mechanism and anti-money laundering (AML) system
Dexx’s transaction verification mechanism failed to detect abnormal large withdrawals and frequent trading behaviors in a timely manner. Due to the lack of real-time monitoring and big data analysis tools, the platform failed to quickly stop the loss of funds when hackers began to act. In addition, hackers used privacy-enhancing technologies (such as crypto mixers) to quickly transfer funds out of the platform, exposing Dexx’s lack of anti-money laundering systems and transaction tracking capabilities.
1.2 User Losses and Market Impact
Tens of thousands of users suffered direct losses, and some even lost all their investment assets. The aftermath of the incident caused a sharp drop in the liquidity of the Dexx platform, and the confidence of the entire DeFi market was severely damaged. According to Hibit team statistics, after this incident, the average daily trading volume of DEX in the entire industry dropped by 15%, and the activity of related users also decreased by 20%.
This series of consequences shows that security issues are not only a technical challenge, but also the bottom line of user trust. A security vulnerability can instantly destroy the trust that a platform has accumulated over many years.
2. Theoretical Analysis: The Nature and Risks of Decentralized Finance
2.1 Theoretical Basis of Decentralized Economics
(1) Transaction Cost Economics: The Efficiency Paradox of Decentralization
One of the theoretical foundations of decentralized finance (DeFi) is transaction cost economics (Coase, 1937). Coase proposed that by reducing intermediaries, transaction costs can be significantly reduced. However, in the practice of DeFi we see an "efficiency paradox": although the intermediary is removed, new types of risks and costs are created.
For example, the Dexx hack exposed the vulnerabilities of smart contracts, and this technical risk has become a new transaction cost. When using DeFi platforms, users must bear the uncertainty brought about by hacker attacks, smart contract errors, and platform governance failures. According to a 2023 study (Xu et al., Journal of Blockchain Research), the average transaction risk cost of DeFi is 30%-50% higher than that of traditional finance, which is directly related to the complexity of smart contracts and the fragility of decentralized architecture.
(2) Imbalance between capital return and risk transfer
From the perspective of Modern Portfolio Theory (Markowitz, 1952), the ideal state of decentralized finance is to improve the efficiency of capital allocation through decentralization and intermediary-free transactions. However, the Dexx hacking incident revealed the imbalance between capital returns and risk allocation. Since DeFi platforms often rely on liquidity providers (LPs) to support the capital pool, once the platform is attacked the losses fall on ordinary users rather than on the platform or technology providers. In addition, a 2024 study (Zhang et al., DeFi Risk Assessment) showed that on DeFi platforms user losses accounted for more than 80% of total hacker attack losses, a share that is far lower in the traditional financial system. This risk transfer mechanism poses a major challenge to the risk diversification logic of DeFi platforms.
2.2 Analysis of Computer and Security Architecture
(1) Smart Contract Vulnerabilities: Theory and Practice
Smart contracts are the core of DeFi, but the fragility of their code design has led to frequent security incidents. In 2024, a study by Liu et al. published in ACM Computing Surveys summarized the common types of smart contract vulnerabilities, especially reentrancy attacks (such as the attack encountered by Dexx). The study pointed out that more than 45% of DeFi security incidents were attributed to code vulnerabilities in smart contracts, which was mainly due to the lack of formal verification tools and dynamic monitoring mechanisms by the development team.
- Formal Verification: Verifying whether smart contracts comply with specified specifications through mathematical models can significantly reduce code defects. Luu et al. (2016) pointed out in Ethereum's Future that formal verification is crucial to the security of complex smart contracts. However, currently less than 20% of DeFi platforms adopt this technology, resulting in a large number of platforms still relying on traditional code audits and being unable to deal with highly complex attacks.
- Dynamic defense mechanisms: For example, timelocks and transaction caps are effective means to deal with large abnormal transactions. However, in Dexx, these mechanisms are completely missing, allowing attackers to quickly withdraw a large amount of funds in a short period of time.
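The two dynamic defenses named above, as an added example that is not Hibit's or Dexx's code: a withdrawal gate in Python that pays small amounts immediately, queues amounts above a per-transaction cap behind a timelock, and enforces a rolling-window cap per account. The `Policy` thresholds, class names and the operator `cancel_pending` hook are constructed for the illustration.

```python
"""Withdrawal gate: per-transaction cap, rolling-window cap and timelock.

Constructed example (not Hibit or Dexx code).  Amounts above per_tx_cap
are never paid instantly; they wait timelock_secs in a queue, which gives
monitoring and operators a window to cancel them before funds leave.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class Policy:
    per_tx_cap: int       # largest amount paid out without delay
    window_cap: int       # total an account may withdraw within window_secs
    window_secs: int
    timelock_secs: int    # delay imposed on amounts above per_tx_cap


@dataclass
class Pending:
    account: str
    amount: int
    ready_at: int


class WithdrawalGate:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.history = {}     # account -> deque of (timestamp, amount) paid out
        self.queue = []       # timelocked withdrawals awaiting release

    def _spent_in_window(self, account, now):
        q = self.history.setdefault(account, deque())
        while q and q[0][0] <= now - self.policy.window_secs:
            q.popleft()
        return sum(amount for _, amount in q)

    def request(self, account, amount, now):
        """Returns ('paid', amount), ('queued', ready_at) or ('rejected', reason)."""
        p = self.policy
        if amount <= 0:
            return ("rejected", "non-positive amount")
        if self._spent_in_window(account, now) + amount > p.window_cap:
            return ("rejected", "rolling window cap exceeded")
        if amount > p.per_tx_cap:
            ready_at = now + p.timelock_secs
            self.queue.append(Pending(account, amount, ready_at))
            return ("queued", ready_at)
        self.history[account].append((now, amount))
        return ("paid", amount)

    def release_due(self, now):
        """Pay out queued withdrawals whose delay has elapsed and that still fit the window cap."""
        released, still_pending = [], []
        for item in self.queue:
            if item.ready_at > now:
                still_pending.append(item)
                continue
            if self._spent_in_window(item.account, now) + item.amount > self.policy.window_cap:
                still_pending.append(item)   # stays queued until the window frees up
                continue
            self.history[item.account].append((now, item.amount))
            released.append(item)
        self.queue = still_pending
        return released

    def cancel_pending(self, account):
        """Operator hook: drop every queued withdrawal of a flagged account; returns the count."""
        kept = [item for item in self.queue if item.account != account]
        dropped = len(self.queue) - len(kept)
        self.queue = kept
        return dropped
```

Queued amounts are counted against the rolling window only when they are actually released, so a large timelocked request cannot be used to block an account's small withdrawals while it waits; the trade-off is that the window check runs a second time at release.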
(2) Decentralization and innovation of key management
Dexx's centralized key management is the core vulnerability of this incident. In contrast, threshold cryptography and related methods provide a safer approach to decentralized key management: the key is split into multiple shares, held by multiple nodes and used only through their collaboration, so that even if a node is compromised the key remains safe. In 2023, a joint study by IBM and Hyperledger showed that decentralized systems using threshold cryptography reduced the risk of single point failure by more than 70%.
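The k-of-n key splitting described above, as an added example that is not Hibit's, Dexx's, or the cited study's code: Shamir secret sharing over a prime field in Python, plus a small custodian quorum that refuses to act unless enough nodes contribute their shares. The same construction underlies the threshold signature mention in section 4. The `PRIME` modulus, the `Custodians` class and the sample secret are constructed for the illustration; production systems use threshold signature schemes that never rebuild the key in one place.

```python
"""Threshold key management via Shamir secret sharing (k-of-n).

Constructed example (not Hibit or Dexx code).  Any k of n custodian
nodes can rebuild the secret; any k-1 of them, colluding or compromised,
learn nothing about it.
"""
import secrets

PRIME = 2**127 - 1   # field modulus; all arithmetic is mod PRIME


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, n_shares):
    """Return n_shares points (x, y) on a random degree threshold-1 polynomial with f(0) = secret."""
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0; needs at least threshold distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


class Custodians:
    """n nodes, one share each; a sensitive operation is authorised only by a quorum."""

    def __init__(self, secret, threshold, n_shares):
        self.threshold = threshold
        self.shares = dict(split_secret(secret, threshold, n_shares))   # node_id -> share

    def authorise(self, approving_nodes):
        """Rebuild the key from the approving nodes' shares, or refuse below quorum."""
        approving = sorted(set(approving_nodes))
        if len(approving) < self.threshold:
            return None   # no single node, and no sub-quorum group, can act alone
        return recover_secret([(i, self.shares[i]) for i in approving[: self.threshold]])
```

Interpolating from fewer than `threshold` shares still returns a field element, just not the secret (except with probability 1/PRIME), which is why the quorum check in `authorise` must be enforced by the protocol rather than left to the caller.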
(3) Authentication technology to resist phishing and social engineering
Despite the continuous upgrade of technical security defenses, social engineering attacks remain one of the main threats to DeFi. Research shows that about 40% of hacking incidents involve phishing attacks. Anti-phishing authentication technologies such as the FIDO2 standard and behavioral analysis AI can significantly reduce user risks caused by human errors. FIDO2, for example, provides a passwordless multi-factor authentication experience using biometrics and hardware authentication keys. In 2024, Crypto.com fully integrated the FIDO2 standard in its wallet, reducing account theft incidents by 65%.
2.3 Governance Theory and Trust Mechanism of DeFi Platform
(1) Dynamic governance and decentralized autonomy
The Dexx incident reflects serious flaws in governance. Despite its claim to be decentralized, the platform's actual decision-making mechanism is highly centralized and failed to respond quickly when the incident broke out. This phenomenon of "pseudo-decentralization" is not uncommon in the DeFi industry. DAOs provide a powerful solution. Through voting by token holders, a DAO not only improves transparency but also creates space for users to participate in platform governance. For example, the governance model adopted by MakerDAO has successfully avoided multiple major risks, proving the feasibility of decentralized governance.
(2) Digitalization of trust and its economic interpretation
Trust is the cornerstone of DeFi. From an economic perspective, trust is an "intangible asset", but its value can be made explicit through mechanism design. In DeFi platforms, trust usually relies on the synergy of technology (such as smart contracts) and governance (such as DAO). However, Dexx's governance failure has led to a double destruction of users' trust in technology and platforms. In the research of Trust in Blockchain Ecosystems, it is shown that transparency and security are the two pillars for DeFi platforms to build trust. When the platform provides real-time auditing, open source code, and dynamic governance functions, user trust is 35%-50% higher than that of platforms that lack these functions.
3. Solutions represented by Hibit: Dual protection of technology and governance
3.1 Hibit’s core advantages
(1) Layer-2 security and scalability
Hibit has built a self-built Layer-2 infrastructure with more than 100,000 lines of code, specifically designed to enhance security and scalability. Its smart contracts have undergone rigorous formal verification and built-in dynamic defense mechanisms (such as time locks and transaction limits) to effectively prevent vulnerabilities such as reentrancy attacks.
(2) Non-custodial wallets and decentralized identities
Hibit provides a non-custodial wallet (Hibit ID) to eliminate the risk of single point failure and private key leakage. In addition, the platform ensures the security of user identity and assets through decentralized identity (DID) technology.
(3) Compensation plan for affected users
In the aftermath of the Dexx incident, we at Hibit proactively launched an airdrop compensation plan for the affected users. This not only helps users make up for their losses, but also helps the entire industry find a true technical benchmark to rebuild industry confidence.
(4) Integrated real-time AI monitoring system
Hibit ensures transparency and compliance of fund flows without compromising users’ privacy rights through real-time transaction monitoring and privacy-enhancing AI tools.
4. Future Outlook
4.1 The Art of Balancing Decentralization and Security
The future of decentralized finance lies in how to balance the natural tension between decentralization and security. On the one hand, decentralization is the core value of DeFi, which improves transparency and efficiency by removing traditional intermediaries; on the other hand, complete decentralization often means the lack of a central coordination mechanism, which easily leads to increased technical complexity and governance failure. This contradiction forms a "decentralization paradox" in practical applications:
- Over-decentralization: The platform relies entirely on community decision-making and autonomy, resulting in slow response and difficulty in repairing vulnerabilities in time when faced with attacks.
- Over-centralization: In order to simplify technology and management processes, the platform introduces centralized components, which makes it lose its decentralized nature and increases the risk of single point failure.
In the future, DeFi platforms need a "progressive decentralization" strategy, that is, through the collaborative innovation of technology and governance, to find the best balance between the two.
(1) Promotion of distributed verification
A distributed verification mechanism is an effective technical path: it reduces the possibility of single point failure by distributing transaction verification across multiple nodes or network members. For example, a traditional cross-chain bridge can introduce threshold cryptography so that no single node can control the entire verification process, with threshold signatures securing the cross-chain transfer itself.
(2) Introduction of smart contract insurance
Smart Contract Insurance is a defensive financial tool against smart contract vulnerabilities and external attacks. The platform can provide protection for user funds by introducing a decentralized insurance mechanism similar to Nexus Mutual. This type of insurance is implemented through distributed reserves and on-chain insurance, which protects user funds while enhancing the stability of the system.
(3) Design of dynamic governance model
Innovation in governance models is crucial to balancing decentralization and security. Dynamic Governance is an adjustable governance method: when the system is in a normal state, the platform adopts a decentralized autonomous organization (DAO) model for transparent decision-making; when encountering emergencies, the system triggers an emergency mechanism to centralize authority on trusted nodes in a short period of time, thereby quickly responding to the crisis. This dual-track mechanism not only improves the flexibility of the platform, but also enhances security without losing the value of decentralization.
4.2 Risk Management and User Trust
The Dexx incident highlights the fragility of user trust in DeFi. Trust is the cornerstone of decentralized finance, but it is also the most vulnerable part. Once user assets are lost, the cost of rebuilding trust is much higher than the investment required to build initial trust. Therefore, future DeFi platforms must elevate risk management and user protection to the core of their strategy and optimize from the three levels of technology, governance, and ecology.
(1) Technological innovation: reducing systemic risks
Technology is the first line of defense for managing risks and is also the real security core rooted in the product. The following are the key development directions that the industry needs to focus on in the future and are also the research directions that Hibit has deeply cultivated:
- Formal verification of smart contracts
According to data from the Blockchain Research Institute, more than 70% of DeFi vulnerabilities worldwide in 2024 can be avoided through formal verification tools. However, the current penetration rate is only 25%. In the future, the popularization and improvement of formal verification tools will be an important task for DeFi platforms.
- Threshold Cryptography
Dexx’s centralized key management is one of the sources of its vulnerabilities. By adopting a decentralized key management mechanism, a platform can significantly reduce the risk of single-point attacks by hackers and secure its cross-chain operations.
- On-chain risk warning system
Combine AI and blockchain analysis technology to establish a real-time on-chain risk monitoring system. For example, the Chainalysis KYT (Know Your Transaction) tool launched in 2023 can detect abnormal transactions in real time, providing the platform with 90% early warning of potential risks. The Hibit team has further developed and upgraded these tools.
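The detection gap described in section 1.1 (3) and the on-chain risk warning system described here, as an added example that is not Hibit's, Dexx's or Chainalysis's code: a streaming monitor in Python over a constructed withdrawal log. It flags three patterns the text names: a burst of withdrawals from one account, an amount far above that account's own history, and many accounts draining to the same destination within a short window. The log format, thresholds, account names and the `0xsink00000` destination are all constructed for the illustration.

```python
"""Streaming withdrawal monitor over a constructed log (not real Dexx or Hibit data).

Each line: "<ISO timestamp> <account> <amount> <destination>".
"""
from collections import defaultdict, deque
from datetime import datetime
from statistics import median

VELOCITY_WINDOW = 60        # seconds
VELOCITY_MAX = 3            # more than this many withdrawals per window -> alert
OUTLIER_FACTOR = 10         # amount >= factor * account median -> alert
OUTLIER_MIN_HISTORY = 3     # prior withdrawals needed before judging outliers
FANIN_WINDOW = 300          # seconds
FANIN_MIN_ACCOUNTS = 3      # distinct accounts paying one destination -> alert

_EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    ts, account, amount, dest = line.split()
    seconds = (datetime.fromisoformat(ts) - _EPOCH).total_seconds()
    return seconds, account, float(amount), dest


class WithdrawalMonitor:
    def __init__(self):
        self.recent = defaultdict(deque)    # account -> timestamps inside velocity window
        self.history = defaultdict(list)    # account -> past withdrawal amounts
        self.by_dest = defaultdict(deque)   # destination -> (timestamp, account)

    def observe(self, line):
        """Feed one log line; returns the list of (rule, subject, value) alerts it raised."""
        ts, account, amount, dest = parse_line(line)
        alerts = []

        # Rule 1: too many withdrawals from one account in a short window.
        q = self.recent[account]
        while q and q[0] <= ts - VELOCITY_WINDOW:
            q.popleft()
        q.append(ts)
        if len(q) > VELOCITY_MAX:
            alerts.append(("velocity", account, len(q)))

        # Rule 2: amount far above this account's own typical withdrawal.
        past = self.history[account]
        if len(past) >= OUTLIER_MIN_HISTORY and amount >= OUTLIER_FACTOR * median(past):
            alerts.append(("outlier", account, amount))
        past.append(amount)

        # Rule 3: many distinct accounts draining to the same destination.
        d = self.by_dest[dest]
        while d and d[0][0] <= ts - FANIN_WINDOW:
            d.popleft()
        d.append((ts, account))
        distinct = {acct for _, acct in d}
        if len(distinct) >= FANIN_MIN_ACCOUNTS:
            alerts.append(("fan_in", dest, len(distinct)))
        return alerts


# Constructed sample log: u1 behaves normally and then makes one huge withdrawal,
# u2 withdraws in a burst, and u1/u2/u3 all pay the same destination within minutes.
SAMPLE_LOG = """\
2024-11-16T03:50:00 u1 100 0xdeadbeef01
2024-11-16T03:51:00 u1 120 0xdeadbeef01
2024-11-16T03:52:00 u1 90 0xdeadbeef01
2024-11-16T03:55:00 u2 50 0xcafe000002
2024-11-16T03:58:00 u1 5000 0xsink00000
2024-11-16T03:58:05 u2 50 0xsink00000
2024-11-16T03:58:10 u2 50 0xsink00000
2024-11-16T03:58:15 u2 50 0xsink00000
2024-11-16T03:58:20 u2 50 0xsink00000
2024-11-16T03:58:30 u3 800 0xsink00000
"""


def run_monitor(log_text=SAMPLE_LOG):
    monitor = WithdrawalMonitor()
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            alerts.extend(monitor.observe(line))
    return alerts
```

The fan-in rule is the one most specific to the scenario in this article: when a platform's signing infrastructure is compromised, many unrelated user accounts suddenly pay the same few addresses, which no per-account threshold catches on its own. In production the alerts would feed the timelock queue or a circuit breaker rather than only a dashboard.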
(2) Governance innovation: building a trust ecosystem
The rise of DAOs brings great potential to the governance of DeFi platforms, but current practice suffers from inefficiency and diffuse power. By optimizing the governance structure of DAOs, a platform's ability to maintain user trust can be enhanced:
- Multi-level governance: users, developers and institutional investors are divided into different governance levels, and each group is given different voting weights. This design not only improves governance efficiency, but also better balances the interests of all parties.
- Transparency tools for decentralized governance: For example, tools such as Snapshot can provide voting transparency, allowing users to clearly see the participation and support rate of each decision, further ensuring true decentralization.
(3) User protection mechanism: strengthening the foundation of trust
Improving user protection mechanisms is crucial to rebuilding trust. Here are a few possible measures:
- On-chain insurance and capital reserves
Decentralized on-chain insurance mechanisms (such as InsurAce) can provide compensation to users in the event of hacker attacks or smart contract vulnerabilities. At the same time, the platform should establish sufficient capital reserve mechanisms to deal with potential systemic risks.
- Victims Compensation Fund
For major incidents, such as the Dexx hack, the platform can set up a special compensation fund to protect the interests of users. Similar to the full compensation plan launched by Hibit, this measure not only effectively protects user trust, but also demonstrates the platform's sense of social responsibility.
Conclusion
Although the Dexx hacking incident was a disaster, it also pointed out the direction for the future development of DeFi. From technological improvement to governance innovation, from user protection to industry norms, every step forward for DeFi requires deeper thinking and more systematic practice. Platforms represented by Hibit are using advanced technology and true decentralization to lead DeFi into a new era that is more secure and trustworthy.
If DeFi is an "industrial revolution" in the financial world, then the Dexx incident is an important security accident and warning. In the future, we need not only true "decentralization", but also more solid technology and smarter governance to achieve this ideal. I hope that industry builders will work with us to build this beautiful ideal and future.