Hotcoin Research | DEXX Billion-Level Hacker Heist, Revealing Fatal Vulnerabilities in On-Chain Security and Self-Rescue Secrets

# I. Introduction: A Shocking Security Crisis in the On-Chain Trading Circle

In November 2024, a major security incident at the on-chain trading platform DEXX shook the entire industry. A hacker attack resulted in the large-scale theft of user assets, with losses quickly rising to tens of millions of dollars. This incident exposed fatal vulnerabilities in DEXX's security architecture, transforming it from a platform praised for its "non-custodial" features and convenient, efficient trading experience into a negative example discussed throughout the industry.

With the booming development of the DeFi ecosystem, on-chain trading tools have experienced explosive growth. These tools attract numerous users with their selling points of "decentralization" and "non-custodial" features. However, the DEXX incident proves that behind convenience often lies significant security risks.

Why is the DEXX incident worth the attention of every on-chain trader?

1. Reveals systemic security vulnerabilities: The incident exposed common flaws in the design and operation of on-chain trading tools.

2. Reflects on the truth of "non-custodial": It unveiled how some platforms misuse the concept of "non-custodial" to cover up security issues.

3. Raises user risk awareness: It provides valuable warnings for users and developers, emphasizing the importance of security education and prevention.

The DEXX incident is not just a security crisis; it is a profound questioning of the current state of the industry: How to balance innovation and security within a decentralized framework?

# II. In-Depth Analysis of the DEXX Incident

Platform Positioning and Business Model

DEXX is a decentralized trading platform focused on on-chain meme coin trading, supporting multi-chain asset trading such as SOL, ETH, and BSC, and providing automated trading tools and liquidity management services. By implementing smart contracts for a convenient trading experience, DEXX was once regarded as a benchmark for on-chain trading tools. However, this incident exposed fatal flaws in the platform's technical architecture.

Misconceptions of the "Non-Custodial" Concept

Although DEXX claims to adopt a "non-custodial" model where users control their private keys, there are numerous risks in actual operations:

• Plaintext storage of private keys: Users export private keys without encryption, making them vulnerable to interception by hackers during transmission.

• Centralized permissions: The platform's permission management system is overly broad, granting the platform actual control over user assets.

• Smart contract risks: Unaudited smart contracts may contain backdoors, allowing unauthorized operations.

Security Vulnerability Analysis

From a technical perspective, DEXX has the following major security risks:

1. Improper private key storage: The platform secretly records user private keys, allowing hackers to gain full control of assets once they infiltrate.

2. Weak permission management: The authorization logic lacks levels or restrictions, leading to potential abuse of user assets by the platform.

3. Insufficient code auditing: Audit reports indicate multiple high-risk vulnerabilities on the platform, with the "centralization" issue being particularly severe.

Affected Asset Statistics

According to on-chain data analysis, the asset losses from this incident include:

• Mainstream tokens: Such as ETH, SOL, etc.

• Stablecoins: Such as USDT, USDC.

• Meme coins: Such as BAN, LUCE, which saw significant price drops due to heavy selling pressure.

The DEXX incident not only caused economic losses for users but also dealt a devastating blow to the trustworthiness of the entire on-chain trading tool industry.

# III. A Wake-Up Call: Common Issues in On-Chain Trading Tools

1. The Truth of "Non-Custodial"

"Non-custodial" tools are considered the safety benchmark for decentralized trading, but many platforms do not genuinely allow users to control their assets in practice:

• Permission abuse: Requiring users to grant excessive permissions, leading to overly centralized assets.

• Implicit custody: Private keys may be stored and managed by the platform, making security dependent on the platform's technical capabilities.

• Contract backdoors: Some smart contracts embed administrative permissions, allowing the platform to bypass user authorization.

2. The Security Dilemma of Trading Bots

Automated trading tools provide convenient trading but also introduce the following risks:

• High permission requirements: Trading bots need access to user private keys or API keys, significantly increasing risk.

• Logical vulnerabilities: Complex trading logic may be exploited by attackers, leading to abnormal trades or market manipulation.

• Centralized control: Many bots store user assets under platform control to enhance trading speed, making them easy targets for attacks.

3. Technical Challenges in Private Key Management

Private key management, as the core of on-chain security, faces the following challenges:

• Conflict between convenience and security: Offline storage is secure but complex to operate; online storage is convenient but carries high risks.

• Weak backup mechanisms: Users often face risks due to improper backups (e.g., plaintext storage).

• Improper permission allocation: Authorization logic lacks refined management; once permissions are leaked, the consequences can be severe.

4. Common Issues Among Similar Platforms

Analysis shows that on-chain trading tools generally have the following issues:

• Insufficient auditing: Many platforms have not undergone comprehensive third-party security audits.

• Weak risk control: Lack of a complete trading monitoring and emergency response mechanism.

• Lack of user education: Users lack basic understanding of authorization logic and security operations, and platforms have not provided effective guidance.

The DEXX incident highlights the shortcomings of on-chain trading tools in terms of security. To promote healthy industry development, platforms, users, and regulatory bodies must work together to strengthen technical and operational standards.

# IV. User Emergency Self-Rescue Guide (Practical Edition)

The DEXX incident exposed security shortcomings in on-chain trading and served as a wake-up call for users. In the event of a similar crisis, users need to act quickly to minimize losses while establishing long-term security prevention mechanisms. Here is a detailed operational guide and security advice.

Immediate Actions

1. Check Asset Damage

• Use blockchain explorers (such as Etherscan, Solscan) to review wallet transaction records and confirm if there are any abnormal transfers.

• Verify asset balances to assess if any assets have been stolen.

• Check the authorization status of smart contracts to identify potentially risky authorization records.

• Prioritize protecting high-value assets and promptly formulate transfer plans.

1. Emergency Asset Transfer Steps

• Prepare a brand new and secure wallet address, ensuring the private key has not been leaked.

• Transfer assets in order of importance (e.g., stablecoins, mainstream tokens).

• Operate in a secure network environment, avoiding public Wi-Fi and infected devices.

• Set appropriate Gas fees to ensure transfer transactions are completed quickly.

1. Revoke Authorization Operations

• Use tools (such as Revoke.cash) to check and revoke suspicious authorizations to prevent hackers from exploiting them.

• Prioritize revoking authorizations for high-risk contracts and keep operation records for future investigations.

• Increase Gas fees to speed up the revocation of authorizations, preventing attackers from acting first.

1. Evidence Preservation

• Screenshot and save relevant transaction records, including timestamps, transaction hashes, contract addresses, and other detailed information.

• Export the complete transaction history of the wallet as case materials.

• Save all communication records with the platform (emails, announcements, social media screenshots).

• Collect media reports and official statements for future rights protection and compensation requests.

1. Reporting and Rights Protection Guide

• Report to local cyber police or cybersecurity departments, providing complete transaction records and event descriptions.

• Contact professional blockchain security companies to assist in tracking stolen assets.

• Keep the police report receipt and seek help from a professional legal team to plan cross-border or complex rights protection strategies.

• Join victim rights protection groups to share information and action plans with other victims.

Ongoing Prevention

1. Best Practices for Secure Private Key Storage

• Use hardware wallets (such as Ledger, Trezor) to store high-value assets, ensuring physical security.

• Regularly back up mnemonic phrases or private keys, using multiple encryption protections and storing them in different secure locations.

• Avoid storing private keys in cloud services or online devices to reduce the risk of theft.

1. Asset Diversification Management Strategy

• Differentiate between hot wallets (for trading) and cold wallets (for long-term storage).

• Allocate assets based on purpose, such as setting up separate wallets for investment and daily trading.

• Regularly check asset distribution to ensure risks are appropriately diversified.

1. Security Tool Selection Criteria

• Investigate the team background, technical strength, and security of the tool or platform.

• Confirm whether the platform has undergone security audits by authoritative institutions and read detailed audit reports.

• Pay attention to community feedback to understand user evaluations of the tool and how historical security incidents were handled.

1. Daily Operation Security Checklist

• Operate in a trusted network environment, avoiding public Wi-Fi.

• Regularly update device security software and enable antivirus and firewall protection.

• Be cautious with authorization requests, especially from unknown or unaudited smart contracts.

• Use account monitoring tools to set transaction alerts and promptly detect abnormal behavior.

# V. Advanced Protection: Building a Personal Asset Security Moat

The security issues of on-chain assets are long-term and complex, especially against the backdrop of frequent security incidents involving trading tools and platforms. To enhance security protection capabilities, users need to comprehensively establish a "security moat" from basic hardware to technical configurations. Here is an advanced protection guide tailored for users.

1. Hardware Wallet Usage Guide

Hardware wallets have become the best choice for protecting digital assets due to their offline storage characteristics, but correct usage is essential for ensuring security.

• Purchase Genuine Hardware Wallets
  Buy mainstream brands (such as Ledger, Trezor, Onekey) through official channels to avoid counterfeit products. Avoid using second-hand devices to prevent tampering.

• Secure Activation and Initialization
  Complete hardware wallet initialization in an offline environment, generate mnemonic phrases, and ensure they are not recorded or leaked by others.

• Backup of Mnemonic Phrases and Private Keys
  Record mnemonic phrases on fireproof and waterproof media (such as metal plates or paper), storing them in multiple secure locations to avoid digital storage.

• Daily Usage Precautions
  Connect hardware wallets only in trusted network environments, avoiding public Wi-Fi or insecure devices. Regularly update device firmware to fix known vulnerabilities.

2. Multi-Signature Wallet Configuration

Multi-signature wallets (Multi-Sig) are an advanced security tool suitable for managing high-value assets, enhancing operational security by setting multiple authorizations.

• Set Multi-Signature Threshold
  Determine the authorization threshold for multi-signature (e.g., 3/5 or 2/3) to ensure a balance between security and convenience.

• Configure Signer Permissions
  Clearly define the permissions and responsibilities of each signer to avoid centralization of permissions or single points of failure.

• Establish Signature Rules
  Set differentiated authorization thresholds for different types of transactions (e.g., asset transfers, smart contract interactions).

• Emergency Recovery Plan
  Configure backup signers or emergency recovery permissions to ensure that assets are not permanently locked when primary signers are unable to operate.

3. Security Assessment Framework for Trading Tools

When selecting on-chain trading tools or platforms, users should systematically assess their security and credibility.

• Code Open Source Level
  Prioritize open-source tools that allow the community to review the code and promptly identify and fix vulnerabilities.

• Smart Contract Audit Status
  Check whether the tool has undergone security audits by authoritative institutions (such as SlowMist) and carefully read relevant audit reports.

• Team Background Investigation
  Understand the technical background and past project history of the development team to assess their credibility and professionalism.

• Community Activity and User Feedback
  Analyze community feedback and activity regarding the tool, especially focusing on how historical security incidents were handled.

• Risk Control Mechanisms
  Investigate whether the platform provides multi-signature, transaction anomaly alerts, and whether it has asset insurance mechanisms.

4. Recommended On-Chain Security Monitoring Tools

Professional on-chain monitoring tools can help users keep track of asset dynamics in real-time and promptly detect potential threats.

• Asset Monitoring Tools

• Recommended Tools: DeBank, Zapper

• Functions: Multi-chain asset balance and transaction record tracking, helping users comprehensively grasp asset status.

• Contract Monitoring Tools

• Recommended Tools: Tenderly, Defender, Goplus

• Functions: Real-time detection of smart contract operation status, identifying potential vulnerabilities or abnormal behaviors.

• Transaction Monitoring Tools

• Recommended Tools: Nansen, Dune Analytics

• Functions: Analyzing on-chain transaction data, tracking fund flows, and promptly detecting abnormal operations.

• Risk Warning Tools

• Recommended Tools: Forta Network

• Functions: Providing real-time risk warnings and attack detection on-chain, helping users take protective measures immediately.

# VI. Reflection and Outlook

The impact of the DEXX incident extends beyond the affected users; it serves as a wake-up call for the entire industry. It reveals the potential risks in the technical architecture and operational models of on-chain trading tools while providing profound reflections and improvement directions for project parties, users, and industry development.

1. Responsibilities of Project Parties

Project parties play dual roles as technology developers and operators in the on-chain ecosystem, with responsibilities encompassing security, transparency, and risk management.

1. Basic Security Responsibilities

• Code Security Audits: Regularly undergo authoritative third-party security audits to ensure the safety of smart contracts and systems.

• Vulnerability Bounty Programs: Encourage the community and security experts to proactively discover vulnerabilities and provide solutions.

• Risk Reserve Fund System: Establish a special fund to compensate users for losses in security incidents.

• Emergency Response Mechanism: Form a professional team to quickly respond to and handle security incidents, minimizing the impact.

1. Information Disclosure Responsibilities

• Risk Warning Obligations: Clearly inform users of potential risks and security advice before they authorize or use the platform.

• Timeliness of Incident Reporting: Publicly disclose the situation to users and provide solutions immediately after a security incident occurs.

• Loss Compensation Plans: Develop clear compensation rules to avoid trust collapse in the aftermath of incidents.

• Transparency of Technical Architecture: Publicly disclose the platform's technical architecture and permission management mechanisms, allowing user supervision.

2. Responsibility Boundaries and Credibility Assessment of KOL Promotion

As industry opinion leaders (KOLs), their promotional activities have a profound impact on user decisions and trust. It is particularly important to clarify their responsibility boundaries and assess their credibility.

1. KOL Responsibility Definition

• Due Diligence Obligation: Thoroughly understand the technical background and security of any project before promoting it.

• Information Verification Responsibility: Verify whether the promises made by the project party align with the actual situation to avoid misleading users.

• Disclosure of Interest Relationships: Publicly disclose cooperative relationships and commission models with project parties to ensure transparency.

• Risk Warning Requirements: Include risk warnings in promotions to guide users in making independent judgments.

1. Credibility Assessment Indicators

• Professional Background: Whether the KOL possesses professional knowledge and industry experience in the blockchain field.

• Historical Promotion Record: Whether their past promoted projects are safe and reliable, and how users have evaluated them.

• Interest Relevance: Whether there is an excessive reliance on promotional income that affects objectivity.

• Adequacy of Risk Warnings: Whether potential risks of the project are fully explained and suggestions are provided.

3. Awakening of User Security Awareness

Users are the final line of defense in the on-chain ecosystem. Enhancing user security awareness is key to preventing asset losses.

1. Basic Security Awareness

• Private Key Security Management: Properly store private keys and mnemonic phrases, avoiding online storage or transmission through insecure channels.

• Caution in Authorization Principles: Carefully evaluate smart contract authorization requests, avoiding excessive authorizations whenever possible.

• Asset Diversification Storage: Distribute assets across multiple wallets to reduce the risk of single-point failures.

• Risk Control Awareness: Regularly check authorization statuses, revoke unnecessary permissions, and maintain account security.

1. Advanced Security Practices

• Use of Multi-Signature: Increase the operational threshold for high-value assets through multi-signature.

• Security Tool Configuration: Use hardware wallets and on-chain monitoring tools to build a comprehensive protection system.

• Regular Security Checks: Inspect wallet status, authorization records, and asset distribution to identify potential risks.

• Emergency Plan Preparation: Develop clear emergency plans to act swiftly in case of asset theft.

4. Development Direction of On-Chain Trading Tools

Future on-chain trading tools need to achieve comprehensive optimization in technology and operations to regain user trust and promote industry development.

1. Technical Architecture Optimization

• Fine-Grained Permission Management: Limit the scope of permission grants to avoid excessive authorizations.

• Multi-Factor Verification Mechanisms: Introduce dual verification or dynamic authorization to enhance operational security.

• Intelligent Risk Control Systems: Combine real-time monitoring and automatic alerts to promptly detect and address abnormal behaviors.

• Increased Decentralization: Reduce reliance on centralized components to truly achieve autonomous asset control.

1. Security Mechanism Improvement

• Introduce Insurance Mechanisms: Provide security guarantees for user assets through insurance products.

• Upgrade Risk Control Systems: Utilize AI and big data to build dynamic risk prevention mechanisms.

• Normalize Auditing: Incorporate third-party security audits into daily project operations to ensure continuous improvement.

• Comprehensive Scenario Monitoring: Cover both on-chain and off-chain security scenarios to comprehensively reduce asset risks.

5. The Path to Balancing Security and Convenience

On-chain trading tools must find a balance between security and user experience to better meet user needs.

1. Technical Aspects

• Simplify Security Operation Processes: Optimize interface design and guidance to reduce user operation difficulty.

• Enhance User Experience: Improve operational smoothness and efficiency without sacrificing security.

• Automate Security Checks: Integrate intelligent tools to automatically remind users of potential security risks.

• Personalized Risk Control Settings: Allow users to customize risk control rules based on their needs.

1. User Aspects

• Differentiated Security Solutions: Provide tiered security solutions for different users.

• Flexible Authorization Mechanisms: Support users in quickly adjusting authorization scopes in different scenarios to meet diverse needs.

• Convenient Emergency Handling: Offer one-click authorization revocation and emergency lock functions to ensure rapid response to security incidents.

# Conclusion

The DEXX incident is not just a security accident; it is a profound reflection on the entire industry. It reminds us that technological innovation cannot come at the expense of security. Only by placing the protection of user assets at the core can the industry truly achieve long-term healthy development.

For users, this is a mandatory lesson in enhancing security awareness; for project parties, it is an urgent task to improve security mechanisms; for all parties in the industry, it is an opportunity to promote standardization and healthy competition. Only by finding the best balance between innovation and security can on-chain trading tools fulfill their promise of decentralization and create real value for users.

The DEXX incident will become a thing of the past, but the warnings it brings will guide the future. Let us learn from it and work together to promote a more secure, mature, and trustworthy blockchain ecosystem.

About Us

Hotcoin Research, as the core investment research department of Hotcoin, is dedicated to providing detailed and professional analysis for the cryptocurrency market. Our goal is to offer clear market insights and practical operational guidelines for investors at different levels. Our professional content includes the "Play and Earn Web3" tutorial series, in-depth analysis of cryptocurrency industry trends, detailed analyses of potential projects, and real-time market observations. Whether you are a newcomer exploring the crypto field for the first time or a seasoned investor seeking in-depth insights, Hotcoin will be your reliable partner in understanding and seizing market opportunities.

Risk Warning

The cryptocurrency market is highly volatile, and investment itself carries risks. We strongly advise investors to invest only after fully understanding these risks and within a strict risk management framework to ensure the safety of their funds.

Website: https://www.hotcoin.com/

X: x.com/Hotcoin_Academy

Mail: labs@hotcoin.com

Medium: medium.com/@hotcoinglobalofficial