Self-Custody Gone Wrong or Hacker Shenanigans, DEX Incident Investigation | Timeline


By: BlockBeats, 2024/11/16 06:39

Millions of dollars worth of assets have been lost, and the exact amount of stolen assets has not been determined.

On November 16, the user assets of the on-chain transaction terminal DEXX were stolen, and multiple meme coins experienced a large sell-off early this morning. Currently, the security company has not determined the specific amount stolen, but there are community rumors that the current loss of assets has exceeded sixteen million US dollars.


DEXX founder Roy stated this morning that he will compensate users for their losses. As of now, several users have reported that their account assets have been isolated to a secure address.




DEXX Security Vulnerability


After the DEXX theft incident, the community began to examine this meme-exclusive trading platform that had previously dominated its rebate link, and KOLs who had promoted DEXX were also targeted by users' anger.


The founder of the security firm SlowMist, Cai Yide, stated, "The stolen crowd is related to using DEXX for rug pulls/meme coin trading. The private key belongs to DEXX's centralized custody and has definitely leaked. The disclosure method and other investigation details will be revealed."


The community found that the export_wallet request, as seen in the developer tools, shows the private key in plaintext when a user exports their DEXX private key, which indicates that the user's private key is actually held on the official server. If the communication is not encrypted, attackers may intercept the user's private key in transit. Even over HTTPS, transmitting the private key directly may lead to leakage of private data through browser vulnerabilities or other security issues.


Therefore, some users jokingly remarked that "DEXX has redefined non-custodial wallets."
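One way a user can repeat the export_wallet observation against their own browser traffic (an added example, not code from the article or from DEXX): it scans a HAR export from the developer tools for any response that carries the 64-byte Solana keypair belonging to a given wallet address. The `wallet.example` URLs, JSON field names and key bytes are constructed; the keypair layout (32-byte seed followed by the 32-byte public key) is the standard Solana one.

```python
import base64, json, re
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"(?<![%s])[%s]{64,88}(?![%s])" % ((B58,) * 3))

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body

def find_key_exposure(har, wallet_address):
    """Return URLs whose response body carries the secret key for wallet_address."""
    pubkey, hits = b58decode(wallet_address), []
    for entry in har["log"]["entries"]:
        content = entry["response"].get("content", {})
        body = content.get("text") or ""
        if content.get("encoding") == "base64":  # HAR stores binary bodies this way
            body = base64.b64decode(body).decode("utf-8", "replace")
        for blob in CANDIDATE.findall(body):
            raw = b58decode(blob)
            # Solana keypair layout: 32-byte seed followed by the 32-byte public key.
            if len(raw) == 64 and raw[32:] == pubkey:
                hits.append(entry["request"]["url"])
                break
    return hits

# Constructed sample: placeholder bytes, not a real keypair; wallet.example is hypothetical.
PUB = bytes(range(101, 133))
ADDRESS = b58encode(PUB)
SECRET = b58encode(bytes(range(1, 33)) + PUB)
SIGNATURE = b58encode(bytes(range(2, 66)))  # 64-byte blob that is not a key
B64 = base64.b64encode(SECRET.encode()).decode()
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://wallet.example/api/export_wallet"},
     "response": {"content": {"text": json.dumps({"private_key": SECRET})}}},
    {"request": {"url": "https://wallet.example/api/tx_status"},
     "response": {"content": {"text": json.dumps({"signature": SIGNATURE})}}},
    {"request": {"url": "https://wallet.example/api/export_b64"},
     "response": {"content": {"encoding": "base64", "text": B64}}},
]}}
print(find_key_exposure(SAMPLE_HAR, ADDRESS))  # flags export_wallet and export_b64
```

Matching on the trailing public key keeps transaction signatures, which are also 64-byte base58 strings, from being reported as keys. A HAR file that produces a hit contains the key itself and should be deleted after the check.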




In addition, the wallet application OneKey stated that DEXX has repeatedly requested "upload clipboard content" permission, potentially uploading user clipboard content, stating, "If you have copied your private key mnemonic phrase on your phone, transfer your assets as soon as possible."


DEXX's audit was completed by CertiK, and the audit report they provided shows that DEXX scored 59.31 points. This failing score indicates as many as 9 risks. The main risk, "centralization," remains unresolved; two of the four moderate risks have been addressed, including "code vulnerability"; and there are four minor risks, with only one resolved.




Some users said that both DEXX and various trading bots are naked in terms of security. Without exception, project teams all have a mentality of "since users don't understand or care, and some lucky peers are doing the same but have not been stolen from, and anyway, if I cared, I would have to pay a lot of R&D costs and sacrifice user experience, then I don't have to care either."


Previously, BananaGun and Unibot had both experienced security vulnerabilities, emphasizing the importance of the saying "Not Your Keys, Not Your Money" regarding on-chain transactions.


Latest News and Investigation Progress


11-16 14:12

According to GoPlus Security Monitoring, phishing scams related to rights protection and compensation for DEXX theft victims have been discovered. Users should exercise caution, avoid uploading their private keys/mnemonics or connecting wallets for confirmation to prevent further harm.


11-16 14:02

SlowMist founder Yu Xian posted an update on the DEXX incident on social media, stating that SlowMist has received nearly 500 requests related to the DEXX theft. The incident analysis is still ongoing, with preliminary estimates indicating losses in the tens of millions of dollars (due to significant price fluctuations in some meme coins). Nearly every victim's attacker address is different, suggesting that the attackers had planned this attack long in advance, and the source of the gas fee was exchanged for XMR three days ago.


11-16 13:27

Blockchain security audit firm CertiK issued a statement announcing that they have recently received numerous requests for help from DEXX platform users reporting their accounts being emptied. After CertiK's verification, it was confirmed that this security incident occurred on the Solana blockchain, which is not within CertiK's audit coverage.


CertiK stated that the main cause of the incident was improper private key management by the DEXX platform, resulting in the leakage of the official private key.


11-16 12:30

SlowMist founder Yu Xian responded to a circulating screenshot stating "DEXX users have collectively lost $488 million" on social media, mentioning that each victim's hacker address in the DEXX case is different, and the stolen funds are not centralized in one address.


Meme Price Update


11-16 08:56

According to GMGN market data, due to the impact of the DEXX theft, meme coins such as BAN, LUCE, and PNUT have declined to varying degrees:

· BAN has dropped by approximately 30% since the incident and is now priced at $0.126

· LUCE has dropped by approximately 20% since the incident and is now priced at $0.211

· PNUT has experienced a maximum drop of approximately 12.5% since the incident and is now priced at $1.72


Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
