The first "thief" of the bull market is here.
In the recent crypto market, MEME coins have undoubtedly been the biggest winners apart from Bitcoin. AI, Politifi, and Desci have been hyped one after another. Driven by the twin engines of hot topics and sentiment, phenomenal MEMEs such as GOAT, PUNT, and BAN have revived the dream of 100x returns. Chasing the "Golden Dog" has also become an indispensable daily activity for MEME traders.
As this casino has grown in scale, the commercial tools built around MEME trading have multiplied. Today's protagonist, DEXX, is one of the more active on-chain trading terminals in the MEME market recently.
In the early morning of November 16, DEXX was attacked, and many users' tokens were transferred out. So far, the loss has reached 20 million US dollars. I thought it was just an ordinary hacker attack, but as the community kept digging, more information surfaced. Outrageous practices such as plaintext private keys and mnemonic phrases on the clipboard have come to light one after another, and the boss is suspected of having a history of Rug.
Was it inadequate protection, or a self-directed, self-staged theft? Fake Rug or real theft? DEXX has once again cast a shadow over the Chinese MEME circle.
According to the official introduction, DEXX is a full-chain trading platform focusing on Memecoin. It supports multi-chain asset transactions on SOL, ETH, TRX, BASE, and BSC, and provides on-chain mobile take-profit and stop-loss, hot-topic push notifications, copy trading and other functions. In short, the core function of DEXX is on-chain aggregation, and user experience is the key. Its early publicity often used "on-chain Binance" as a selling point. According to people familiar with the matter, the platform's daily trading volume exceeds 50 million and its daily profit exceeds 300,000 US dollars. Although it is not as well known as mature platforms such as Banana Gun and Unibot, the platform had begun to take shape and had a certain influence in the MEME circle.
But on November 16, DEXX, which had only just become famous, dealt a heavy blow to the MEME market. In the early morning of that day, DEXX was attacked, and many users found that tokens were missing from their accounts. Banana, LUCE and other MEMEs were affected and fell sharply, with LUCE falling by more than 41%. Panic spread through the community and set off heated discussion on public platforms. Market rumors were flying everywhere: the rights protection group quickly grew to 3,000 people, more than 9,000 theft transactions were counted, and there were even rumors that the amount involved exceeded 500 million US dollars.
However, the subsequent investigation showed that the asset loss did not reach this level. Across the 821 affected users counted by SlowMist, the total loss was close to 20 million US dollars: 1 user lost more than 1 million US dollars, 2 lost between 500,000 and 1 million US dollars, and 28 lost between 100,000 and 500,000 US dollars. But at present the hackers have not stopped, and the transfer of assets is still increasing.
On the day of the incident, DEXX responded quickly, stating that there was no Rug and that the problem was being investigated with full effort. Its founder Roy (@honza204) also followed up with a response: "We will pay to make up for it, isolate some users, there is no RUG, we are investigating, and we cannot reply one by one, don't worry."
Despite repeated statements that there was no Rug, the battle-hardened community obviously had doubts. The subsequent preliminary investigations by SlowMist and BitJungle further increased the suspicion of a Rug by the platform. The investigations show that the DEXX platform has major security issues. Although it presents itself as a non-custodial platform, it stores user private keys on its official server, and when users export private keys no encryption is applied, so the private keys are exposed in plaintext during transmission.
Beyond the taboo of plaintext transmission, the clipboard permissions are also extremely unreasonable. The DEXX platform was found to request clipboard access from users repeatedly. If a user has copied a private key or mnemonic to the clipboard, that information is very likely to be transmitted to the platform inadvertently, increasing the risk of sensitive information leakage.
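A client-side guard against the two leaks described above (plaintext key export and clipboard contents reaching the platform), added here as an illustration and not taken from DEXX, SlowMist or BitJungle: it flags and redacts text that looks like wallet key material before it is sent anywhere. The function names, thresholds and sample values are assumptions, and the checks are heuristics; a production version would also validate words against the BIP-39 wordlist.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_RUN = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")
HEX_KEY = re.compile(r"(?<![0-9A-Fa-f])(?:0x)?[0-9A-Fa-f]{64}(?![0-9A-Fa-f])")
WORD_RUN = re.compile(r"(?<![A-Za-z])[a-z]{3,8}(?:\s+[a-z]{3,8})+(?![A-Za-z])")
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}  # valid BIP-39 phrase sizes

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(s) - len(s.lstrip("1"))) + body

def b58encode(b):  # only used to build the constructed sample below
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\0"))) + out

def scan(text):
    """Return (kind, start, end) for spans that look like wallet key material."""
    hits = []
    for m in B58_RUN.finditer(text):
        # 64 bytes is the size of a Solana keypair; signatures are the same
        # size, so this errs on the side of blocking.
        if len(b58decode(m.group())) == 64:
            hits.append(("base58-64-byte", m.start(), m.end()))
    for m in HEX_KEY.finditer(text):  # 32-byte hex, e.g. an EVM private key
        hits.append(("hex-32-byte", m.start(), m.end()))
    for m in WORD_RUN.finditer(text):
        if len(m.group().split()) in MNEMONIC_LENGTHS:
            hits.append(("mnemonic-like", m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])

def redact(text):
    """Replace every flagged span so the secret never leaves the client."""
    out, pos = [], 0
    for kind, start, end in scan(text):
        if start < pos:  # skip overlapping hits
            continue
        out += [text[pos:start], f"[REDACTED {kind}]"]
        pos = end
    return "".join(out + [text[pos:]])

# Constructed samples: a dummy 64-byte value and the public BIP-39 test phrase.
SAMPLE_KEY = b58encode(bytes(range(1, 65)))
SAMPLE_PHRASE = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print(redact(f"my wallet key is {SAMPLE_KEY}"))
    print(redact(SAMPLE_PHRASE))
```
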
As for the attack method, there is no trace of intrusion on the DEXX front end; instead, the theft was carried out by downloading private keys from the remote server. The hacker had obviously planned for a long time. Not only did he choose the early morning, when defenses are relatively weak, but after the attack he also created new wallets in batches to transfer the stolen assets and make tracking as difficult as possible.
It advertises itself as a full-chain trading platform, but in reality it is more centralized than the centralized platforms. Private keys are stored openly in plaintext, and mnemonics can be copied from the clipboard. Such an obvious security risk was ignored by the platform until the so-called "hacker" attacked. Couldn't the hacker be the platform itself?
After the news was disclosed, the market was in an uproar, the community kept up its denunciations, and the theory of embezzlement and running away with the money continued to spread. Community members began tracking DEXX on their own, and more details surfaced.
Judging from the registration information, DEXX's corporate entities are quite scattered, with companies registered in the United States, the Bahamas, Singapore, Tokyo, Japan, Hong Kong and the Marshall Islands. At present, however, the company is located in the West Lake District of Hangzhou, and the company name is Hangzhou Chengdao Technology Co., Ltd.
After netizens doxxed him, the founder's information was also fully disclosed. The founder's real name is known to be Lou Yulinfeng, a native of Jinhua, Zhejiang, only 30 years old, and it is rumored that he was once involved in online gambling. According to the disclosure of Crypto Intelligence Orange, this so-called "pattern" boss actually only has a junior high school education. Some netizens also disclosed the location shown in his circle of friends, saying that he is currently in Thailand. What's more, it is said that this boss Lou has a previous soft Rug on his record, with the project Opendao, which he participated in, as the precedent. Coincidentally, the day before the theft, Roy also posted "It's good to be rich", which fueled all kinds of conspiracy theories.
As talk of a Rug spreads, the anger of the market is also heating up, and the KOLs who promoted the platform have been dragged into a lot of trouble. In fact, DEXX's main publicity method was to promote itself through a large number of well-known KOLs in exchange for rebates, gaining traffic through the KOLs' influence. This method is quite common in the currency circle, but it is worth noting that, compared with other platforms, Dexx's rebate ratio is very high, reaching as much as 50%-60% of the handling fee. In exchanges between official personnel and KOLs, it was mentioned that top KOLs could earn more than 40,000 US dollars from rebates alone. Tempted by these interests, many KOLs took part, especially Chinese KOLs. More than 25 well-known KOLs such as Youmi, Daewoo, Hongshen, and Sha Po Lang have promoted DEXX. Some KOLs even promoted it without any bottom line in their private-domain traffic, which is why most of the victims this time are users in the Chinese-speaking area. After the incident, the market launched a series of verbal attacks on this group of KOLs, believing that they abused their influence and did not report the incident in order to profit from it. KOLs responded to this accusation in different ways.
Immediately cutting ties is inevitable. Some KOLs directly deleted their previous promotional posts to erase the market's memory. KOLs who care more about their reputation will apologize and offer some compensation for the sake of stability and long-term profitability, but there are only a few of them. The vast majority of KOLs seem to intend to stay invisible and wait for the storm to subside.
Of course, assigning blame is secondary, and the top priority is to recover the stolen assets. Although Roy said he would pay the full amount, whether he can come up with enough money remains to be seen. If it was a self-directed and self-staged incident, the amount can be recovered through legal means, but if it really was a hacker intrusion, rights protection on an on-chain exchange with unclear identity authentication seems even more remote.
According to lawyers Guo Zhihao and Shao Shiwei, DEXX, as a project operated by a domestic institution, is effectively engaging in virtual currency-related business activities in China in disguise, and should be identified as illegal financial behavior. At a minimum, it should be banned and ordered to stop business in accordance with the law. For this incident specifically, if the platform really was robbed by hackers, the platform illegally collected user private keys and is suspected of infringing on citizens' personal information; if the platform staged it itself, it is very likely to be classified as the more serious crime of fraud, and the penalty will depend on the amount, up to life imprisonment. KOLs who want to hide may also find it hard to escape responsibility. Since KOLs are suspected of earning platform commissions through information networks, they are suspected of illegally using information networks and bear certain joint liabilities. Although the probability of a case being filed for this crime is not high, the threshold for conviction is extremely low. If users insist on pursuing them, KOLs may also lose a layer of skin.
Yesterday, DEXX addressed a letter to the hacker on the X platform, saying that it has received strong support from security agencies, partners and exchanges in finding the stolen tokens, and is continuing to monitor the hacker's addresses in order to freeze the stolen funds in time. It demanded that the incident be resolved within the next 24 hours; otherwise it will continue to cooperate with local police, security agencies and exchanges to investigate and take law enforcement action to protect user assets, no matter how long it takes. The platform said that it is marking the hacker's addresses and asking the Solana Foundation for assistance. Once marked, the hacker will not be able to deposit into exchanges or convert into legal currency by any method.
The founder also spoke out again to refute the rumor that he had lost contact, saying "For special reasons, we cannot synchronize the latest situation at present. Give us some time to deal with it satisfactorily. The team will synchronize some information and solutions in the next two days. It is not a question of whether it is lost or not."
Theft is not uncommon in the crypto industry. DEXX is not the first case, and it will certainly not be the last. In essence, no custodial or non-custodial wallet is absolutely safe. Beyond open-sourcing on-chain contracts to enhance transparency, safety can only rest on a stronger background and more abundant funds. Otherwise, relying solely on external methods such as passed-along trust and auditing can leave major dangers. Taking DEXX as an example, the platform had also been audited by CertiK, but the final response to this incident was that it occurred on the Solana chain, which was not covered by the audit.
Back to the users themselves: improving security awareness is urgent. In addition to not trusting anyone's promotion easily, when it comes to the use of funds, priority should be given to platforms with sound security mechanisms and sufficient endorsements. In terms of fund security management, on the premise that assets are spread across different places, completely independent devices should be used for operations as much as possible. It is recommended to use decentralized authentication rather than making convenience the core, avoid enabling password-free and live authentication, use plug-ins with caution, and use hardware wallets to store large assets. Users should keep in mind that security comes first in every operation; otherwise the first pot of gold earned in the bull market may become someone else's.
On the other hand, if it really is a platform Rug, even if the founder runs away, he may not be able to rest easy. After all, as a guarantor who has been doxxed and may hold more than 100 million yuan, no matter where he is, there is no safe place to stay.