Recently, I have occasionally received thanks from the victims of the DEXX theft incident that we helped with. It's not because we caught the attacking gang and recovered the funds, but because the DEXX platform has gradually done compensation work. I have a few feelings: Although our investigation report has not been made public, it can be responsibly said that it was indeed due to a vulnerability in the Zendo platform used by DEXX being exploited, which led to external intrusion. Subsequently, the production network related servers and database permissions were taken down, and all trace analysis restored this attack path. That is to say, DEXX is also a victim, but bears responsibility for inadequate security management. We actually knew the truth a long time ago, but why didn't we say it publicly? On the one hand, it was because of the emotions at that time, no one believed it, and almost everyone thought it was self theft; On the other hand, it is necessary to follow the pace of law enforcement (DEXX reported the case to the police at the first time). For the sake of caution, we also started the investigation from internal suspects, and only began to target external parties after law enforcement gradually eliminated them 2/The attack gang is very clever and cunning. At the beginning, they were disgusted by their coin stealing methods. Each victim's wallet address corresponds to a different attacker's wallet address. We have connected with more than a thousand real victims and several law enforcement agencies that independently report and file cases for victims in various places, and cooperated with several well-known security and data companies. Unfortunately, there was no Happy Ending. The work we can do is limited, but I know that some security companies and local law enforcement have not given up yet. I truly admire them here, and perhaps there will be unexpected gains in their hands in the future The money laundering methods used by attacking gangs are also disgusting. After deducting various losses, the final amount obtained may be less than 20 million US dollars 3/We always try our best to remain neutral, but it can be said at this time: Although DEXX's performance in this life and death hacking incident was quite chaotic, it was able to do compensation work (although it seems to hear many roast), and it has killed 99.99% of the project parties in this industry Why do we have no motivation to keep attacking gangs alive? The reason is simple. Some victims have caused us great harm during our investigation process, which really makes us feel extremely bad. Why should we take action to rescue such people? There is another reason, it should be DEXX himself who never dies with the attacking gang Our security work has its own boundaries. There are also many heartwarming points, such as the majority of victims, DEXX related members, several well-known security and data companies, several law enforcement agencies, and the capital behind DEXX's compensation work. Everyone really hopes to solve the problem and work together to prevent the situation from falling into the abyss. It is already not easy to restore the truth of many security incidents, and it would be really rare to have a happy ending. After the fact, safety is really exhausting. Not many project parties really value safety beforehand, and many regret it afterwards. It's better to invest a certain proportion of the lost funds in safety beforehand I hope you won't be the next remorser. Don't be too confident, please respect power