Focus on Meme Black Swan: Large Theft Incident at On-Chain Exchange DEXX
As of November 17, the data statistics for BTC, ETH, and TON on the TrendX platform are as follows:
The discussion count for BTC last week was 18.23K, down 13.67% from the week before; the price last Sunday was $91,956, up 13.2% from the Sunday before.
The discussion count for ETH last week was 4.27K, down 26.98% from the week before; the price last Sunday was $3,134, down 2% from the Sunday before.
The discussion count for TON last week was 777, down 3.63% from the week before; the price last Sunday was $5.52, up 0.2% from the Sunday before.
Late on the night of November 16, the decentralized exchange platform DEXX suffered a major cyber attack in which assets belonging to many users were illegally transferred. According to affected users, DEXX may have incurred losses of up to tens of millions of dollars from this attack; the specific figures are still being tallied, and the total amount is estimated to exceed one hundred million dollars. Yu Xian, Web3 security expert and founder of SlowMist Technology, pointed out that users' private key information has been leaked, but the specific leak channels are still under investigation. Trust in the DEXX platform has plummeted, and there are even suspicions of insider theft. Although the truth remains unclear, this large-scale theft of funds from DEXX has dealt a significant blow to the recently very active on-chain Meme market, and it is a reminder to pay attention to the security of on-chain assets.
Is DEXX engaging in insider theft? Latest developments in the incident
DEXX holds an important position in the Meme space, as it is a dedicated on-chain DEX providing trading and liquidity for Meme tokens, and also supports the launch, staking, and lending services of Meme coin projects, forming a complete Meme financial ecosystem. DEXX's daily trading volume has long ranked among the top in DEXs, earning it the title of the on-chain "Binance" of the Meme coin market. Regarding the issue of user private keys being stolen, DEXX operates through smart contracts, allowing users to control their asset private keys, which theoretically should be more secure. So where exactly did the problem arise?
According to monitoring by the Bitcoin Jungle system, preliminary investigations have confirmed that the large-scale theft of user assets on the DEXX trading platform has reached over one hundred million dollars, and hackers are still actively transferring user assets. In-depth technical analysis has revealed the following serious security issues with the DEXX trading platform:
Private key storage: The platform is a non-custodial platform but has recorded user private keys. Once the system is attacked, hackers can easily obtain user private keys and steal user assets.
Plaintext transmission of private key exports: The platform did not take any encryption measures when users exported their private keys, resulting in private keys being exposed in plaintext during transmission, making it easy for hackers to intercept.
DEXX's official statement:
On November 17, the latest news reported that DEXX founder Roy responded to the concerns about being unreachable on the X platform, stating: "Due to special reasons, we cannot synchronize the current situation. Please give us some more time to handle this satisfactorily." The day before, DEXX's official statement indicated that the team is working hard to resolve the issue, asserting there is no rug pull, and that updates will be communicated promptly. In response, Roy stated that they would compensate users and have isolated some users.
Market reaction:
However, as the amount of stolen funds continues to grow, will DEXX really compensate users for their losses? Most users scoff at this and do not believe Roy's claims of compensation, considering it a case of insider theft by the platform, with trust in DEXX completely plummeting.
Some users have stated that DEXX and various trading bots are exposed when it comes to security. According to the export_wallet request information in the developer tools, the community has discovered that when a DEXX private key is exported, it is presented in plaintext, meaning user private keys are actually held on the official server. If the communication is not encrypted, attackers may intercept user private keys in transit. Even when HTTPS is used, transmitting the private key directly could leak private data through browser vulnerabilities or other security issues. Some users therefore joked that "DEXX has redefined non-custodial wallets."
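The developer-tools observation described above can be repeated against any web wallet that calls itself non-custodial. The following is an added example, not code from DEXX or from the original article: it scans a HAR capture exported from the browser's network tab and flags responses whose body carries key-shaped strings. The host, the URL paths, the JSON field names and the key values are constructed placeholders; only the export_wallet name comes from the article.

```python
import base64
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
HEX_KEY = re.compile(r"(?<![0-9A-Za-z])(?:0x)?[0-9a-fA-F]{64}(?![0-9A-Za-z])")
B58_RUN = re.compile(r"(?<![0-9A-Za-z])[1-9A-HJ-NP-Za-km-z]{80,90}(?![0-9A-Za-z])")

def b58decode(s):
    """Decode base58 (Bitcoin alphabet) to bytes, keeping leading zero bytes."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def body_text(content):
    """Return a HAR response body as text; HAR marks binary bodies as base64."""
    text = content.get("text", "")
    if content.get("encoding") == "base64":
        text = base64.b64decode(text).decode("utf-8", "replace")
    return text

def find_key_material(har):
    """List (url, kind) for every response body carrying key-shaped strings."""
    hits = []
    for e in har["log"]["entries"]:
        text = body_text(e["response"].get("content", {}))
        if HEX_KEY.search(text):  # 32-byte key written as 64 hex characters
            hits.append((e["request"]["url"], "hex-32-byte"))
        if any(len(b58decode(m)) == 64 for m in B58_RUN.findall(text)):
            hits.append((e["request"]["url"], "base58-64-byte"))  # 64-byte keypair
    return hits

def har_entry(url, body, encoding=None):
    """Build one minimal HAR entry (only the fields this check reads)."""
    return {"request": {"url": url},
            "response": {"content": {"text": body, "encoding": encoding}}}

# Constructed sample capture: placeholder host, paths, fields and key values.
SAMPLE_HAR = {"log": {"entries": [
    har_entry("https://wallet.example/api/export_wallet", '{"private_key":"' + "2" * 88 + '"}'),
    har_entry("https://wallet.example/api/export_evm",
              base64.b64encode(b'{"k":"0x' + b"ab" * 32 + b'"}').decode(), "base64"),
    har_entry("https://wallet.example/api/balance", '{"sol":"1.25"}'),
]}}

if __name__ == "__main__":
    for url, kind in find_key_material(SAMPLE_HAR):
        print(kind, url)
```

A 64-character hex string can also be a transaction hash or digest, so each hit is a prompt to inspect that response by hand, not proof on its own.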
Additionally, the wallet application OneKey has indicated that DEXX has repeatedly requested permission to "upload user clipboard content," so it may have uploaded users' clipboard content. OneKey stated, "If you have copied your private key mnemonic on your phone, please transfer your assets as soon as possible."
Which Meme coins are at risk of being dumped? What impact will this have on the market?
According to GMGN market data on the 16th, possibly affected by the DEXX theft, Meme coins such as BAN, LUCE, and PNUT have experienced varying degrees of decline, including:
· BAN has dropped about 30% since the incident occurred.
· LUCE has dropped about 20% since the incident occurred.
· PNUT has dropped as much as about 12.5% since the incident occurred.
Key Point One:
This hacking incident is not over! If the DEXX security team cannot resolve the issue in a timely manner, hackers will continue to steal DEXX users' assets. As for the amount stolen, as of the 17th, based on the information of over 500 victims they have compiled, it can be confirmed that at least $13 million has been stolen. However, this is only the figure as of the 17th; the actual amount stolen may be much higher, because besides the stablecoin USDT, a large number of recently popular Meme coins, such as $BAN, $Pnut, and $BITCAT, as well as SOL, have also been stolen. We remind users that on-chain Meme coins, especially those with poor liquidity, are high-risk assets.
Key Point Two:
Regarding the funds that have already been stolen by hackers, the Web3 security team Beosin Alert issued a statement on the 16th stating that the hackers have not yet transferred the funds. They have collected about 2,800 victim addresses and analyzed over 9,000 transactions of stolen funds. According to their analysis, the stolen funds are currently still stored in addresses controlled by the hackers, with no signs of being transferred.
This means that the hackers have not yet revealed their "ultimate goal," like a sword hanging over their heads, and no one knows whether these Meme coins will be suddenly dumped, compounded by the common FOMO sentiment in the Meme space… Therefore, this incident will have immeasurable impacts on the Meme community and even the entire crypto market, potentially causing many Meme coins to go to zero, leading to a significant downturn in the recently hot Meme sector, thus undermining the vitality and confidence of the entire crypto market.
How to securely manage funds?
The Meme sector is undoubtedly a hotspot for wealth creation in the current bull market, and on-chain trading and the use of various automation tools (especially bots) have become the new norm for users. Given that previous projects like Bananagun and Unibot have also suffered theft incidents, the DEXX incident will not be the last. Therefore, the industry needs to maintain a high level of vigilance regarding security issues, and we investors must always stay alert to ensure the safety of our assets.
Users can take the following measures when managing funds to ensure their security:
- Use hardware wallets to store assets
Hardware wallets are a type of cold wallet that does not connect to the internet, thus avoiding most online attacks. Users are advised to choose mainstream hardware wallets like Ledger and Trezor. It is important to ensure that the wallet firmware is up to date. Properly safeguard your mnemonic phrase and avoid storing it digitally (such as taking photos or saving it in the cloud).
- Diversify asset storage
Avoid "single points of failure" by spreading funds across multiple wallets, rather than concentrating them in a single address or exchange. It is recommended to store main assets in cold wallets and a small amount of trading funds in hot wallets.
- Choose decentralized custody solutions
Users are advised to opt for verified and genuine decentralized custody to avoid the risks of centralized exchanges. Multi-signature wallets, which require multiple signers to approve transactions, further enhance security.
- Review the security of exchanges or platforms
Confirm whether the exchange conducts regular third-party security audits and whether the platform has made corrections based on the recommendations from those audits to further protect users' account assets. Users who are in a position to do so should also understand the platform's fund custody mechanisms (such as the ratio of cold to hot wallets, multi-signature protection, etc.).
- Purchase insurance or participate in decentralized risk hedging
In addition to the above actions, users can also purchase crypto insurance against hacking attacks (such as InsurAce, Bridge Mutual).
Here are some safety tips we have prepared for everyone:
Be cautious with recommendations: Before trusting others' recommendations, thoroughly research the product mechanisms and prefer automated tools (bots, etc.) that do not store private keys on servers.
Choose reputable tools: Prioritize those that have been around for a longer time, have strong teams, and have no history of security issues.
Be wary of online scams: On any social platform, such as TG groups, do not click on unknown links or respond to any unsolicited private messages.
Protect large transactions: Regardless of the tools used, after completing large fund transactions, it is advisable to transfer the funds to a wallet you control.
Additionally, we recommend reading or re-reading the "Self-Rescue Manual for the Dark Forest of Blockchain" by Yu Xian, founder of SlowMist Technology, as safety comes first when navigating the dark forest of blockchain.