Whether it's insider theft or hacking, tracing the DEXX theft incident


Chaincatcher, 2024/11/16 22:11
By: BlockBeats

The loss is at the level of tens of millions of dollars, and the specific amount of stolen assets has not yet been determined.

Author: Rhythm BlockBeats

On November 16, user assets on the on-chain trading terminal DEXX were stolen, and several meme coins experienced significant sell-offs early this morning. Currently, security companies have not confirmed the exact amount stolen, but community rumors suggest that the losses have reached over 16 million dollars.

Roy, the founder of DEXX, stated this morning that he would compensate users for their losses. As of now, multiple users have reported that their account assets have been isolated to a secure address.


DEXX Security Vulnerability

After the DEXX theft incident, the community began to scrutinize this meme-exclusive trading platform, which had previously been flooded with its referral links, and KOLs who promoted DEXX were also blamed by users.

Yuxian, the founder of the security firm SlowMist, stated, "The stolen group is related to using DEXX for pumping shitcoins/meme trading, and the private keys belong to DEXX's centralized custody, which must have leaked. The investigation will reveal how it was leaked."

The community found, from the export_wallet request visible in the browser developer tools, that when a DEXX private key is exported it is returned in plaintext, meaning that user private keys are actually held on the official server. If the communication is not encrypted, attackers may intercept users' private keys during transmission. Even if HTTPS is used, transmitting the private key directly could still lead to leakage of private data through browser vulnerabilities or other security issues.

As a result, some users jokingly said, "DEXX has redefined non-custodial wallets."
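The check the community performed by hand can be automated over a HAR file exported from the browser developer tools. The following is an added example, not code from the article or from DEXX: it flags response fields holding a base58 value of 64 bytes, the size of a Solana keypair, and marks a hit as confirmed when its last 32 bytes equal an address in the same response. The URLs, field names and key bytes in the sample are constructed assumptions.

```python
import json
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(s):  # decoded bytes, or None if s is not valid base58
    if not s or any(ch not in B58 for ch in s):
        return None
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    return b"\0" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def strings(node, path=""):  # yield (json_path, value) for every string
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from strings(value, f"{path}/{key}")

def find_plaintext_keys(har):
    """Return (url, json_path, confirmed) for each 64-byte base58 value in a response body."""
    hits = []
    for entry in har["log"]["entries"]:
        try:
            body = json.loads(entry["response"]["content"].get("text", ""))
        except ValueError:
            continue  # not a JSON body
        decoded = [(p, b58decode(v)) for p, v in strings(body)]
        # keypair = seed + public key; a 64-byte signature has no such suffix
        addresses = {raw for _, raw in decoded if raw and len(raw) == 32}
        hits += [(entry["request"]["url"], p, raw[32:] in addresses)
                 for p, raw in decoded if raw and len(raw) == 64]
    return hits

# Constructed sample: hypothetical URLs and field names, dummy (non-key) bytes.
def _resp(url, obj):
    return {"request": {"url": url}, "response": {"content": {"text": json.dumps(obj)}}}
SAMPLE_HAR = {"log": {"entries": [
    _resp("https://app.example.invalid/export_wallet", {
        "address": b58encode(bytes(range(33, 65))),
        "private_key": b58encode(bytes(range(1, 65)))}),
    _resp("https://app.example.invalid/tx", {"signature": b58encode(bytes([7] * 64))}),
]}}
```

An unconfirmed hit may be a transaction signature, which is also 64 bytes, so it needs manual review rather than being treated as a key.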


Additionally, the wallet application OneKey stated that DEXX repeatedly requested permission to "upload user clipboard content," which may have uploaded users' clipboard contents, advising, "If you have copied your private key mnemonic on your phone, transfer your assets as soon as possible."

The audit of DEXX was completed by CertiK, which reported a score of 59.31, a failing score, with as many as 9 risks. Among them, the major risk of "centralization" remains unresolved; of the four moderate risks, two are resolved and two are unresolved, including "vulnerable code"; and of the four minor risks, only one is resolved.


Some users indicated that DEXX and various trading bots are completely exposed in terms of security, with project parties universally adopting a mindset—"Anyway, users don't understand or care, and there are lucky peers who do the same but haven't been hacked yet; if I care, I would have to pay a lot in R&D costs and user experience, so I don't have to care."

In light of previous incidents involving BananaGun and Unibot, which also had theft risks, the principle of on-chain trading remains: "Not Your Keys, Not Your Money."

Latest News and Investigation Progress

11-16 14:12

According to GoPlus security monitoring, phishing scams themed around "rights protection communities," "DEXX theft registration," and "DEXX compensation" have been discovered targeting users affected by the DEXX theft. Users need to be cautious and avoid uploading private keys/mnemonic phrases or connecting wallets to confirm, to prevent secondary harm.

11-16 14:02

Yuxian, the founder of SlowMist, posted an update on social media regarding the DEXX incident, stating that SlowMist has received nearly 500 requests related to the DEXX theft. The event analysis is still ongoing, and preliminary assessments indicate losses in the tens of millions of dollars (due to significant price fluctuations of some meme coins). Almost every victim corresponds to a different attacker address, indicating that the attackers had long planned this incident, with gas sources exchanged through XMR three days ago.

11-16 13:27

Blockchain security audit company CertiK released a statement saying that they have recently received a large number of requests for help from DEXX platform users, who reported that their account assets were emptied. CertiK confirmed that this security incident occurred on the Solana chain, but that chain is not within CertiK's audit coverage.

CertiK stated that the main reason for the incident was improper management of private keys on the DEXX platform, leading to the leakage of official private keys.

11-16 12:30

Yuxian, the founder of SlowMist, responded on social media to screenshots circulating online claiming "DEXX users have cumulatively lost 488 million dollars," stating that each victim in the DEXX case corresponds to a different hacker address, and stolen funds will not be concentrated in one address.

Meme Price Update

11-16 08:56

According to GMGN market data, possibly affected by the DEXX theft, BAN, LUCE, PNUT, and other memes have experienced varying degrees of decline, including:

· BAN has dropped about 30% since the incident, currently priced at 0.126 dollars

· LUCE has dropped about 20% since the incident, currently priced at 0.211 dollars

· PNUT has dropped as much as about 12.5% since the incident, currently priced at 1.72 dollars
