Focus on Meme Black Swan: Large-scale theft of DEXX on-chain exchange | TrendX Research Institute

TrendX Research Institute
1 month ago
Late at night on November 16, the decentralized trading platform DEXX suffered a major cyber attack, resulting in the illegal transfer of assets of many users. According to the responses of affected users, DEXX may have suffered losses of up to tens of millions of US dollars due to this attack. The specific figures are still being counted, and the total amount is estimated to be hundreds of millions of US dollars.

As of November 17, the statistics of BTC, ETH, and TON on the TrendX platform are as follows:

The number of BTC discussions last week was 18.23K, down 13.67% from the previous week; the price last Sunday was $91,956, up 13.2% from the previous Sunday.

ETH had 4.27K discussions last week, down 26.98% from the previous week; the price last Sunday was $3,134, down 2% from the previous Sunday.

TON had 777 discussions last week, down 3.63% from the previous week; the price last Sunday was $5.52, up 0.2% from the previous Sunday.

In the middle of the night of November 16, the decentralized trading platform DEXX suffered a major cyber attack, resulting in the illegal transfer of many users' assets. According to the responses of affected users, DEXX may have suffered losses of up to tens of millions of US dollars due to this attack. The specific figures are still being counted, and the total amount is estimated to be hundreds of millions of US dollars. Yu Xian, a Web3 security expert and founder of SlowMist Technology, pointed out that users' private key information has been leaked, but the specific leakage path is still under investigation. The on-chain market's trust in the DEXX platform has dropped to freezing point, and some even suspect that the funds were stolen by insiders. Although the truth remains unclear, the large-scale theft of funds from DEXX has dealt a major blow to the recently very active on-chain Meme market, and it is another reminder to pay attention to the security of on-chain assets.

Was the DEXX theft an inside job? The latest developments

The DEXX platform plays an important role in the Meme community. It is an on-chain DEX that provides transactions and liquidity for Meme tokens. It also supports the launch, pledge and lending services of Meme coin projects, forming a complete Meme financial ecosystem. DEXX's daily trading volume ranks among the top DEXs in the medium and long term, and it is known as the "on-chain Binance" of the Meme coin market. As for the theft of user private keys: DEXX is run through smart contracts, and users control the private keys to their own assets, which should in theory be safer. So where exactly is the problem?

According to BitJungle system monitoring and a preliminary investigation, the DEXX trading platform has suffered a large-scale theft of user assets. It has been confirmed that the amount of stolen funds has reached hundreds of millions of yuan, and the hackers are still active and continuing to transfer user assets. In-depth technical analysis shows that the DEXX trading platform has the following serious security issues:

  • Private key storage: The platform is a non-custodial platform, but it records user private keys. Once the system is attacked, hackers can easily obtain user private keys and steal user assets.

  • Private key export and plain text transmission: The platform does not take any encryption measures when users export private keys, resulting in the private key being exposed in plain text during transmission, which can be easily intercepted by hackers.

DEXX official statement:

According to the latest news on November 17, DEXX founder Roy responded on the X platform to claims that he could not be reached, saying: "For special reasons, we cannot synchronize the latest situation at present. Give us some time to deal with it satisfactorily." The day before, DEXX officials said that the team is working hard to solve the problem, that there is no rug pull, and that subsequent progress will be shared as soon as possible. In response, Roy said that he would pay to make up for it and has isolated some users.

Market reaction:

However, as the amount of stolen funds continues to increase, will DEXX really pay out money to compensate users for their losses? Most users scoffed at this and did not believe what Roy said about compensating users for their losses. They thought that this was an inside job by the platform, and their trust in the DEXX platform dropped to freezing point.

Some users said that DEXX and various trading bots are "naked" in terms of security. The community found, from the export_wallet request shown in the browser developer tools, that when a DEXX private key is exported it is returned in plain text, which means that the user's private key is actually held on the official server. If the communication is not encrypted, an attacker may intercept the user's private key in transit. Even when HTTPS is used, transmitting the private key directly may still leak it through browser vulnerabilities or other security issues. Hence some users joked that DEXX "redefines non-custodial wallets".
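An added example, not code from DEXX or from the original article: a check that a user or auditor can run on a HAR file saved from the browser developer tools, to see whether any HTTP body carries the full keypair of their own wallet, as the community observed for the export_wallet request. It assumes a Solana-style export (base58 of the 64-byte seed-plus-public-key keypair), which the article does not specify; the host, JSON field names and key bytes are constructed.

```python
import base64
import re
# Assumption (not stated on the page): keys are base58 Solana keypairs, seed || pubkey.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
TOKEN = re.compile(r"[1-9A-HJ-NP-Za-km-z]{80,90}")  # long base58 runs only

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(s) - len(s.lstrip("1"))) + body

def find_exported_keys(har: dict, wallet_address: str) -> list:
    """Return (direction, url, is_https) for each body carrying the wallet's keypair."""
    hits = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        sent = entry["request"].get("postData", {}).get("text", "")
        content = entry["response"].get("content", {})
        received = content.get("text", "")
        if content.get("encoding") == "base64":  # HAR may store bodies base64-encoded
            received = base64.b64decode(received).decode("utf-8", "replace")
        for direction, body in (("sent", sent), ("received", received)):
            for token in TOKEN.findall(body):
                raw = b58decode(token)
                # A signature is also 64 bytes; only a keypair ends in the public key.
                if len(raw) == 64 and b58encode(raw[32:]) == wallet_address:
                    hits.append((direction, url, url.startswith("https://")))
    return hits

# Constructed sample: placeholder bytes, not a real keypair or real traffic.
PUB = bytes(range(100, 132))
KEYPAIR = b58encode(bytes(range(1, 33)) + PUB)
DECOY_SIG = b58encode(bytes(range(2, 66)))
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST", "url": "https://api.example.invalid/export_wallet"},
     "response": {"content": {"text": '{"private_key":"%s"}' % KEYPAIR}}},
    {"request": {"method": "GET", "url": "https://api.example.invalid/tx_status"},
     "response": {"content": {"text": '{"signature":"%s"}' % DECOY_SIG}}},
]}}
```

A hit with direction "received" means the server was able to return the key, so it held a copy; the final field only records whether that transfer used HTTPS.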

In addition, the wallet application OneKey stated that DEXX has repeatedly requested permission to upload user clipboard contents and may have uploaded the user's clipboard contents, saying: "If you have copied the private key mnemonics on your phone, transfer your assets as soon as possible."

Which memes are at risk of being dumped? What impact will it have on the future market?

According to GMGN market data on the 16th, BAN, LUCE, PNUT and other memes have fallen to varying degrees, possibly due to the theft of DEXX. Among them:

BAN has fallen by about 30% since the incident

LUCE has fallen by about 20% since the incident

PNUT has fallen by as much as 12.5% since the incident.

Emphasis 1:

This hacking incident is not over! If the DEXX security team cannot solve the problem in time, hackers will continue to steal the assets of DEXX users. As for the amount of money stolen, as of the 17th, according to the information of more than 500 victims, it can be confirmed that at least 13 million US dollars have been stolen. But this is only the number counted as of the 17th, and the stolen funds may be far more than this number, because in addition to the stablecoin USDT, there are also a large number of Meme coins that have exploded recently, such as $BAN, $Pnut, $BITCAT and other tokens, as well as SOL. A reminder: on-chain Meme coins, especially those with poor liquidity, are high-risk assets.

Emphasis 2:

Regarding the funds that have been stolen by hackers, Web3 security team Beosin Alert issued a statement on the 16th saying that the hackers have not yet transferred them. They have collected about 2,800 victims' addresses and analyzed more than 9,000 transactions of stolen funds. According to their analysis, the stolen funds are still stored in the addresses controlled by the hackers and there is no sign of transfer.

This means that the hacker has not yet revealed his ultimate goal. It is like a knife hanging over one's head: no one knows whether these Meme coins will suddenly be sold off, and Meme trading is already amplified by FOMO sentiment. This incident will therefore have an immeasurable impact on the Meme world and even the entire crypto market. It may cause many Meme coins to go to zero and push the recently hot Meme field into a slump, thereby sapping the vitality and confidence of the entire crypto market.

What is the safest way to entrust funds?

The meme field is undoubtedly a hot spot for wealth creation in the current bull market. On-chain transactions and the use of various automated tools (especially BOT) have become the new normal for users. Combined with the fact that projects such as Bananagun and Unibot have suffered thefts before, the DEXX incident will not be the last. Therefore, the industry needs to be highly vigilant about security issues, and we investors must always be vigilant to ensure the safety of our assets.

When entrusting funds, users can take the following measures to ensure the security of funds:

  • Use hardware wallets to store assets

Hardware wallets are a type of cold wallet that is not connected to the Internet, thus avoiding most online attacks. It is recommended that users choose mainstream hardware wallets such as Ledger and Trezor. Note that you need to ensure that the wallet firmware is the latest version. Keep the mnemonic properly and avoid digital storage of the mnemonic (such as taking a photo or saving it in the cloud).

  • Diversify asset storage

Avoid a single point of failure and store funds in multiple wallets instead of concentrating them in a single address or exchange. It is recommended to store the main assets in a cold wallet and a small amount of transaction funds in a hot wallet.

  • Choose a decentralized custody solution

It is recommended that users choose verified decentralized custody to avoid the risk of centralized exchanges. Solutions such as multi-signature wallets require multiple signatories to approve transactions, further improving security.

  • Review the security of the exchange or platform

Confirm whether the exchange conducts third-party security audits regularly, and whether the platform makes rectifications and corrections based on the recommendations of those audits to further protect the security of users' account assets. Users who are able to do so are advised to understand the platform's fund custody mechanism (such as the ratio of cold and hot wallets, multi-signature protection, etc.).

  • Buy insurance or participate in decentralized risk hedging

In addition to the above actions, you can also purchase crypto insurance against hacker attacks (such as InsurAce, Bridge Mutual).

Here are some safety tips we have prepared for you:

  • Be cautious with recommendations: Before trusting others' recommendations, thoroughly research the product mechanism. It is recommended to use automated tools (bots, etc.) that do not store private keys on the server.

  • Choose reputable tools: Give priority to automation tools (BOT, etc.) that have been running for a long time, have a strong team, and have no history of security issues.

  • Beware of online scams: Do not click on unknown links or respond to any unsolicited private messages on any social platform, such as TG groups.

  • Protect large transactions: Regardless of the tool you use, after completing a large financial transaction, it is recommended to transfer the funds to a wallet that you control.

In addition, I also recommend that you read or reread the Blockchain Dark Forest Self-Rescue Manual by Yu Xian, the founder of SlowMist Technology. When walking in the blockchain dark forest, safety comes first.


Original article, author: TrendX Research Institute. For reprints, content collaboration, or reporting, please contact report@odaily.email. Illegal reprinting will be pursued under the law.