On November 16, user assets held on the on-chain trading terminal DEXX were stolen, sending immediate shockwaves through the cryptocurrency market. DEXX is a platform focused on memecoin trading that supports asset transactions across multiple blockchains. News of the theft landed like a depth charge and exposed significant flaws in the platform's security mechanisms.
Security Vulnerabilities of DEXX
According to Yu Xian, founder of the security firm SlowMist, the theft is tied to how DEXX handles keys: users trading memecoins on DEXX have their private keys managed centrally by DEXX, which poses a risk of leakage. SlowMist's investigation found that when private keys were exported, they were stored in plaintext on the official server, meaning any attacker could intercept them during data transmission, leading to loss of assets.
The audit report for DEXX, provided by CertiK, scored only 59.31 points, indicating serious security risks.
Generally, audit reports categorize risks into several levels: critical, major, moderate, minor, and informational. The audit report for DEXX clearly lists 4 moderate issues classed as “vulnerable code,” two of them unresolved, which may have been a “harbinger” of DEXX's recent hacking incident.
Latest Situation Tracking of DEXX
Loss Amount Tracking
After the incident on November 16, a large number of users reported that their assets had been emptied. Yu Xian initially estimated the losses at tens of millions of dollars. Community rumors suggest that the lost assets could be as high as $16.79 million, and multiple memecoins saw large sell-offs that temporarily pushed prices down. According to AICoin data, the BAN coin fell over 25% within 45 minutes after the incident.
According to the latest data from Yu Xian, the total loss is currently close to $20 million.
Founder Response and Official Actions
DEXX founder Roy responded to the incident, stating that the company would compensate users for their losses and is coordinating with law enforcement agencies on an investigation. Meanwhile, DEXX released an official statement on social media saying that it has collaborated with multiple security agencies to trace the hacker and is applying through legal channels to have the hacker's wallet address marked.
In the latest news, to apply further pressure, DEXX issued an ultimatum to the hacker, demanding the return of the stolen funds within 24 hours, or legal action would be taken. DEXX promised that if the funds are returned, it would offer a bug bounty and destroy all information related to the hacker.
Security Recommendations: Protect Your Digital Assets
This incident once again underlines how much asset security matters for users of blockchain trading platforms. Here are some security recommendations from AICoin to help users protect their digital assets:
Choose decentralized wallets: Avoid wallets that store private keys on servers; opt for decentralized wallets, where the provider does not manage your private keys.
Regularly update security settings: Ensure the use of the latest security protocols and software versions to prevent exploitation of known vulnerabilities.
Be cautious with unknown links and applications: Do not click on unfamiliar links in social media and groups, and be wary of potential phishing attacks.
Diversify investments: Avoid concentrating a large amount of assets on one platform or wallet; diversifying investments can reduce risk.
Use security tools: Utilize multi-signature, hardware wallets, and other tools to enhance security.
The DEXX theft incident serves as a warning to its users and a reminder to the entire industry. With the rapid development of blockchain technology, security issues are becoming increasingly important, and both users and platforms should strengthen their identification and prevention of potential risks.