Exclusive Interview with DEXX Founder: The Responsibility for the Theft Lies Entirely with Us, Compensation Platform Entrance is About to Launch

OdailyNews
2024-12-12 16:50:51
A management error has caused users to pay the price, and the victims are still waiting for compensation.

Author: Fu Ruhe, Odaily Planet Daily

On November 16, the trading platform DEXX experienced a major security incident. Hackers exploited a technical vulnerability in the platform, stealing over $21 million in user funds, affecting nearly 1,000 victims. This incident not only caused severe economic losses for users but also had a profound impact on the trust mechanism within the industry, quickly becoming a hot topic in the Web3 security field.

After the incident, the DEXX project team failed to disclose the specific reasons for the theft for nearly a month. Worse still, the platform's founder publicly clashed with users on social media, escalating tensions between both parties.

Recently, DEXX founder Roy accepted an interview with Odaily Planet Daily for the first time, providing detailed answers regarding the causes of the security incident, compensation plans for victims, and future improvements for the platform, attempting to address various concerns from victims and the market. (Odaily Note: The following responses represent only the views of DEXX and do not reflect the position of Odaily Planet Daily.)

Interview Transcript

Odaily Planet Daily: Can you explain the reasons behind the DEXX theft? Is it related to the platform's private key management solution?

Roy: The main reason for the theft was our team's mismanagement in security, rather than an issue with the private key management solution itself.

We adopted a market-leading trading and custody solution, consistent with many leading platforms (such as BananaGun, Unibot, etc.). This solution has advantages in trading speed and limit order experience but requires extremely high security management from the team. Our mistake led to the leakage of private keys, and the responsibility lies entirely with us.

Although users reported that private keys were uniformly stored on servers without encryption, this is a misunderstanding of the technical details. In fact, the logic of this solution is to independently generate wallet addresses, which is widely used in mainstream market platforms. The problem lies not in the solution itself but in our team's implementation and management errors.

Odaily Planet Daily: Many victims on social media believe that the asset theft was actually an inside job by the DEXX platform. How do you prove your innocence?

Roy: I have explained multiple times that if we had indeed acted improperly:

  • Security agencies like SlowMist would not collaborate with us.

  • Investment institutions would not continue to engage with us for funding.

  • Law enforcement agencies would take direct action against us instead of assisting in the pursuit of hackers.

In fact, neither I nor my team have any reason to destroy our future for over $20 million. Our daily revenue during peak business periods can reach $300,000 to $400,000, and the platform's valuation reached $60 million before the incident. If we really needed funds, we could have obtained them through more reasonable means, such as issuing platform tokens or attracting institutional investments.

Odaily Planet Daily: What is the current progress of the investigation into the theft? What challenges does the platform face in handling the incident?

Roy: The suspects have been identified domestically, but the investigation process is very complex, involving significant time and resource costs. Law enforcement agencies began to intervene early on, and to ensure the investigation proceeded smoothly, we did not disclose details to the public in the early stages of the case, only releasing some information on December 6. Premature disclosure could affect law enforcement progress or "alert the enemy," so information disclosure needs to be cautious.

For our team, handling the incident requires not only cooperation with law enforcement agencies but also incurs high technical and management costs. Additionally, due to the complex technical details involved in the case and the interests of investment institutions, we still need to further confirm which information can be made public.

Odaily Planet Daily: On December 6, DEXX officially announced a compensation plan, including compensation through investment financing or self-operated income, but victims are not satisfied. What is your view on this issue?

Roy: The original intention of the compensation plan was designed based on the worst-case scenario. At that time, we already knew that the worst-case scenario was unlikely to occur, but to set a psychological expectation for victims regarding the most basic guarantees, we chose to first announce a conservative plan. The actual execution of the plan will be adjusted based on the input of institutional funds.

Currently, the coordination of institutional funds has been basically negotiated, but not yet finalized. As details such as investment amounts and institutional valuations have not been confirmed, we cannot disclose them publicly for the time being. Premature disclosure may lead to market misunderstandings or affect the willingness of institutions to cooperate. Therefore, we hope to wait until the funds are fully secured before explaining and updating the plan to users through a formal announcement.

Odaily Planet Daily: Victims have reported that the project team has been inconsistent in determining the compensation plan, for example, promising to finalize the plan within 48 hours on November 28, but it was not announced until December 6. How do you explain this?

Roy: First of all, we acknowledge that there was indeed a delay in the announcement of the plan, but the reasons mainly stem from some uncontrollable external factors and limitations of objective conditions.

In negotiations at the institutional level, the project team is at a disadvantage. We hope to collaborate with more powerful and reputable institutions to secure the best interests for users, but this means repeatedly assessing conditions and delaying the final confirmation of the plan.

Additionally, during the pursuit of the hacker, certain details involve sensitive information related to the cooperation between law enforcement and security companies. Excessive disclosure could lead to misunderstandings or even damage the reputation of relevant parties. Therefore, we chose not to disclose this information publicly.

Although the decision to delay was made out of caution, we failed to communicate the specific reasons to users in a timely manner, leading to misunderstandings, for which we deeply apologize.

Odaily Planet Daily: On December 6, DEXX officially stated that a plan would be finalized within 7 working days. The time is approaching; can the platform confirm the specific compensation plan?

Roy: Our current plan is to first launch a compensation platform entrance by the deadline, with the specific process as follows:

  • User confirmation of the damaged amount: The damaged amounts reported by third-party institutions may be inaccurate or incomplete, so we need users to verify and confirm whether the damaged amounts are correct through the platform entrance. Once users confirm the amount and click "Confirm," a final debt record will be created.

  • Compensation based on debt records: The confirmed debt records will serve as the basis for compensation. Once institutional funds are in place, we will compensate users based on their proportion of the debt.

  • Clarification of debt structure and compensation plan: The "7 working days" we proposed refers to first confirming whether the debt structure is correct, and then having users verify and agree on the debt amount. Once this step is completed, the final debt will be established.

The specific compensation plan has been formulated, but due to factors involving institutional funds, it has not yet been disclosed publicly. The overall process will be conducted in stages, and once institutional funds are secured, we will handle debt compensation matters in tiers. If users have questions after confirming the amount, we will verify and address them based on the records.

Odaily Planet Daily: Victims mentioned that the platform was unresponsive in the days leading up to December 6. Why didn't you come forward to maintain close communication at that time?

Roy: In fact, there was no so-called "loss of contact." Many people feel this way because we may not have responded to their questions within 1 to 2 days, leading users to believe we were no longer responding. In reality, we were under immense pressure and uncertainty at that time, but we were always working behind the scenes to address the issues. Our main work during this period can be divided into three stages:

  • Tracking the hacker: In the first week, we focused our efforts on collaborating with security agencies and law enforcement to track the hacker's whereabouts. This was the phase with the highest initial investment and cost.

  • Security upgrades and compensation plan development: In the second week, we comprehensively upgraded the platform's security measures while developing product features related to compensation to provide users with a compensation entry point.

  • Institutional coordination: By the third week, we shifted our focus to negotiations and communications with institutions. This phase of work was particularly complex, requiring us to handle a large number of details.

Although our customer service team occasionally responded to messages in the group, due to the large number of affected users and the volume of questions, we were unable to respond to every user immediately.

Additionally, there are significant limitations on announcements. Each time we issue an announcement, we need to confirm with 2 to 3 security agencies or law enforcement agencies whether the content can be made public. Some information, if disclosed, could affect law enforcement's tracking of suspects. For example, early on, law enforcement agencies identified some suspects, but after further investigation, they found the direction was incorrect and needed to be repeatedly confirmed. These repeated verification tasks consumed a lot of our time and energy.

Users may not intuitively perceive our efforts, but behind the scenes, we have indeed put in a tremendous amount of work. Whether it is tracking hackers, communicating with institutions, or developing compensation plans, we have been making progress. However, due to the restrictions of law enforcement agencies and the need to protect the investigation, we were unable to disclose all progress immediately.

Overall, we did not lose contact; rather, we were working hard to resolve issues for victims and push the situation in a positive direction while facing multiple pressures.

Odaily Planet Daily: Due to this incident, many people have drastically reduced their trust in DEXX's security capabilities and brand. If, one day in the future, DEXX goes live again, how do you think you should regain user trust and encourage them to use it again?

Roy: The core of user trust lies not only in security technology but also in the support and guarantees behind the platform. To this end, we plan to start from the following aspects:

  • Transparency and fairness in compensation: The platform will launch a verification entrance, where users need to confirm the damaged amount to ensure data accuracy. Once confirmed, the system will generate a debt record, and compensation will be made in tiers once institutional funds are secured. The entire compensation plan will be based on principles of openness and transparency, with real-time updates on compensation progress.

  • Comprehensive security upgrades: We will hire multiple top security audit agencies to conduct in-depth security assessments of the platform. We will publicly disclose the upgraded security mechanisms and share technical details and improvement plans with users. We will establish a complete technical support and issue resolution system to ensure the stability and security of the platform's operations.

  • Rebuilding brand credibility: We will introduce several globally renowned exchanges and financial institutions as endorsements to enhance user trust in the platform. Through a strong partnership lineup, we aim to make users clearly perceive the future security guarantees of the platform.

  • Optimizing user emotional management: We will establish an efficient user communication mechanism to respond to feedback promptly. We will strengthen our public relations capabilities and develop clear crisis response strategies to ensure users feel valued and understood emotionally.

  • Strengthening trust: We recognize that 99% of users do not understand technology; what they need is not complex explanations of security technology but a genuine sense of trust. Through multiple endorsements and concrete actions, we aim to convince users that the platform's future is worth relying on.
