As of November 17, the data statistics for BTC, ETH, and TON on the TrendX platform are as follows:

The discussion count for BTC last week was 18.23K, down 13.67% from the week before; the price last Sunday was $91,956, up 13.2% from the Sunday before.

The discussion count for ETH last week was 4.27K, down 26.98% from the week before; the price last Sunday was $3,134, down 2% from the Sunday before.

The discussion count for TON last week was 777, down 3.63% from the week before; the price last Sunday was $5.52, up 0.2% from the Sunday before.

In the late night of November 16, the decentralized exchange platform DEXX suffered a major cyber attack, resulting in the illegal transfer of assets from many users. According to the affected users, DEXX may have incurred losses of up to tens of millions of dollars due to this attack, with the current specific figures still being tallied, and the total amount estimated to exceed one hundred million dollars. Web3 security expert and founder of Slow Mist Technology, Yu Xian, pointed out that users' private key information has been leaked, but the specific leakage channels are still under further investigation. The on-chain market's trust in the DEXX platform has plummeted, with suspicions of insider theft. Although the truth remains elusive, this large-scale theft of funds from DEXX has dealt a significant blow to the recently very active on-chain Meme market, while also reminding people to pay attention to the security of on-chain assets.

Is DEXX an insider thief?

Latest developments in the incident

DEXX holds an important position in the Meme space, as it is a dedicated on-chain DEX providing trading and liquidity for Meme tokens, and also supports the launch, staking, and lending services of Meme coin projects, forming a complete Meme financial ecosystem. DEXX's daily trading volume has long ranked among the top in DEXs, earning it the title of the on-chain "Binance" of the Meme coin market. Regarding the issue of user private keys being stolen, DEXX operates through smart contracts, allowing users to control their own asset private keys, which theoretically should be more secure. So where exactly did the problem arise?

According to monitoring by the Bitcoin Jungle system, preliminary investigations have confirmed that the large-scale theft of user assets on the DEXX trading platform has reached over one hundred million yuan, and hackers are still actively transferring user assets. In-depth technical analysis has revealed the following serious security issues with the DEXX trading platform:

• Private key storage: The platform is a non-custodial platform but has recorded user private keys. Once the system is attacked, hackers can easily obtain user private keys and steal user assets.

• Plaintext transmission of private key exports: The platform did not take any encryption measures when users exported their private keys, resulting in the private keys being exposed in plaintext during transmission, making it easy for hackers to intercept.

Official statement from DEXX:

On November 17, the latest news reported that DEXX founder Roy responded to questions about his disappearance on the X platform, stating, "Due to special reasons, we cannot synchronize the current situation. Please give us some more time to handle this satisfactorily." The day before, DEXX's official statement indicated that the team was working hard to resolve the issue, asserting that there was no rug pull, and that updates would be communicated promptly. In response, Roy stated that they would compensate users and had isolated some users.

Market reaction:

However, as the amount of stolen funds continues to grow, will DEXX really compensate users for their losses? Most users scoff at this, not believing Roy's claims of compensation, and consider this to be a case of insider theft by the platform, with trust in DEXX completely plummeting.

Some users have stated that DEXX and various trading bots are completely exposed in terms of security. The community discovered that, based on the export_wallet request information in the developer tools, when exporting DEXX private keys, the private keys are presented in plaintext, meaning that user private keys are actually on the official server. If communication is not encrypted, attackers may intercept user private keys during transmission. Even if HTTPS is used, direct transmission of private keys could lead to privacy data leaks due to browser vulnerabilities or other security issues. Therefore, some users jokingly remarked that "DEXX has redefined non-custodial wallets."

Additionally, the wallet application OneKey indicated that DEXX has repeatedly requested permission to "upload user clipboard content," which may have resulted in the uploading of user clipboard content, stating, "If you have copied your private key mnemonic on your phone, please transfer your assets as soon as possible."

Which Meme coins might be dumped? What are the implications for the future market?

According to GMGN market data on the 16th, possibly affected by the DEXX theft, Meme coins such as BAN, LUCE, and PNUT have experienced varying degrees of decline, including:

· BAN has dropped about 30% since the incident occurred.

· LUCE has dropped about 20% since the incident occurred.

· PNUT has dropped as much as about 12.5% since the incident occurred.

Key point one:

This hacker theft incident is not over! If the DEXX security team cannot resolve the issue in a timely manner, hackers will continue to steal DEXX users' assets. As for the amount stolen, as of the 17th, based on the information of over 500 victims, it can be confirmed that at least $13 million has been stolen. However, this is just the figure as of the 17th; the stolen funds may far exceed this amount, as besides the stablecoin USDT, there are also a large number of recently popular Meme coins, such as $BAN, $Pnut, $BITCAT, and others, as well as SOL that have been stolen. We remind users that especially on-chain Meme coins with poor liquidity are high-risk assets.

Key point two:

Regarding the funds that have already been stolen by hackers, the Web3 security team Beosin Alert released a statement on the 16th, stating that the hackers have not yet transferred the funds. They have collected approximately 2,800 victim addresses and analyzed over 9,000 transactions of stolen funds. According to their analysis, the stolen funds are currently still stored in addresses controlled by the hackers, with no signs of being transferred.

This means that the hackers have not yet revealed their "ultimate goal," which is like a sword hanging over their heads; no one knows whether these Meme coins will be suddenly dumped, compounded by the common FOMO sentiment in the Meme space… Therefore, this incident will have an immeasurable impact on the Meme community and even the entire crypto market, potentially causing many Meme coins to go to zero and severely dampening the momentum of the recently hot Meme sector, thus undermining the vitality and confidence of the entire crypto market.

How to securely manage funds?

The Meme sector is undoubtedly a hotspot for wealth creation in the current bull market, with on-chain trading and the use of various automated tools (especially bots) becoming the new norm for users. Given that previous projects like Bananagun and Unibot have also suffered theft incidents, the DEXX incident will not be the last. Therefore, the industry needs to maintain a high level of vigilance regarding security issues, and we as investors must always stay alert to ensure the safety of our assets.

Users can take the following measures when managing funds to ensure their security:

• Use hardware wallets to store assets

Hardware wallets are a type of cold wallet that does not connect to the internet, thus avoiding most online attacks. Users are advised to choose mainstream hardware wallets like Ledger and Trezor. It is important to ensure that the wallet firmware is up to date. Safeguard the mnemonic phrase and avoid digital storage of the mnemonic (such as taking photos or storing it in the cloud).

• Diversify asset storage

Avoid "single points of failure" by diversifying funds across multiple wallets, rather than concentrating them in a single address or exchange. It is recommended to store main assets in cold wallets and a small amount of trading funds in hot wallets.

• Choose decentralized custody solutions

Users are advised to opt for verified and genuine decentralized custody to avoid the risks of centralized exchanges. Multi-signature wallets, which require multiple signatories to approve transactions, further enhance security.

• Review the security of exchanges or platforms

Confirm whether the exchange conducts regular third-party security audits and whether the platform has made corrections based on the recommendations from these audits to further protect users' account assets. Users with certain conditions should ideally understand the platform's fund custody mechanisms (such as the ratio of cold to hot wallets, multi-signature protection, etc.).

• Purchase insurance or participate in decentralized risk hedging

In addition to the above actions, users can also purchase crypto insurance against hacking attacks (such as InsurAce, Bridge Mutual).

Here are some safety tips we have prepared for you:

• Be cautious with recommendations: Before trusting others' recommendations, conduct in-depth research on the product mechanisms, and prefer automated tools (such as bots) that do not store private keys on servers.

• Choose reputable tools: Prioritize those that have been around for a long time, have strong teams, and have no historical security issues.

• Be wary of online scams: On any social platform, such as TG groups, do not click on unknown links or respond to any unsolicited private messages.

• Protect large transactions: Regardless of the tools used, after completing large fund transactions, it is advisable to transfer the funds to a wallet you control.

Additionally, we recommend reading or re-reading the "Self-Rescue Manual for the Dark Forest of Blockchain" by Yu Xian, founder of Slow Mist Technology, as safety is paramount when navigating the dark forest of blockchain.

Research Report

Follow Us

TrendX: TrendX-No.1 Web3 investment opportunity and platform, relying on industry-leading AI analysis technology and on-chain and off-chain trend tracking technology, analyzing real-time investment opportunities from billions of data dynamics, providing investment advice through intuitive interactive methods, adhering to the concept of "change is opportunity," and striving to become the preferred Web3 investment platform for users.

Investment involves risks, and projects are for reference only; please bear the risks yourself.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。