What can we learn from the DEXX incident?

PANews
4 hours ago

Recently, the DEXX platform encountered a severe asset theft crisis. As a multi-chain integrated trading tool, DEXX supports features such as quick trading, MEV resistance, and strategy trading, providing an extremely convenient trading experience for hundreds of thousands of users amid the memecoin market surge. However, on November 16, many users discovered that their account assets had been emptied.

The reason lies in its adoption of a centralized asset custody model similar to that of exchanges, without an asset management solution of a matching security level. This architecture exposed almost all users' assets to risk.

This incident not only revealed the vulnerabilities in DEXX's asset management but also provided us with an opportunity to gain a deeper understanding of the risks associated with custodial wallets.

Difference Between Custodial Accounts and Self-Custodial Accounts

Custodial Accounts: In traditional finance, centralized financial institutions have complete control over user assets, and users must apply to the institution to redeem their funds. For example, the addresses assigned to users by centralized exchanges are only for deposits; users do not have operational permissions, and all trading, transfer, and withdrawal activities must be approved by the platform.

This means that the platform's risk control level will significantly impact the security of user assets.

Self-Custodial Accounts: Self-custodial accounts utilize decentralized wallet solutions, allowing users to have complete ownership of their assets. After generating a mnemonic phrase or private key in a trusted environment, users can transfer the assets held at the address without needing anyone's permission.

The key feature distinguishing custodial from self-custodial is whether the user exclusively holds the private key or mnemonic phrase of the address.

Differences Between DEXX Theft and Exchange Theft

Theft from exchange accounts typically falls into two categories: either control of the user's custodial account on the platform is exposed, leading to illegal asset transfers, or the platform itself is hacked, resulting in direct asset transfers from the hot wallet, or even theft of the cold wallet's private keys or mnemonic phrases.

DEXX adopted a similar centralized account structure, allowing users to create addresses on the platform and sharing the addresses' operational permissions with users. However, unlike CEXs, DEXX does not aggregate users' custodial funds into several centralized addresses for secure management (such as cold and hot wallet isolation, multi-signature management, etc.), which also creates conditions for single points of failure.

How Users Can Avoid Custodial Risks

  • Balancing Security and Convenience: Although traditional on-chain trading steps are cumbersome, bypassing these steps in pursuit of trading opportunities increases risk. Therefore, it is recommended that users appropriately utilize custodial services based on a full understanding of the risks, limiting their risk exposure to a manageable level.

  • Do Not Blindly Trust: Do not readily hand over your address permissions to other people or tools. Manage your permissions carefully in daily use, and avoid suspicious applications and unknown links.

  • Learn Web3 Anti-Fraud Knowledge: Understanding common fraud techniques can help investors avoid most potential risks. Bitrace has compiled a Web3 anti-fraud manual aimed at helping ordinary investors enhance their security awareness; you can access it via this link: https://bitrace.io/en/blog

Conclusion

The DEXX incident indicates that while enjoying the conveniences brought by blockchain technology, one must remain vigilant. By understanding the risks associated with custodial wallets and taking appropriate preventive measures, investors will be better able to protect their digital assets.

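Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by e-mail to support@aicoin.com, and the platform's staff will review it.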
