Author: BlockBeats
On November 16, user assets on the on-chain trading terminal DEXX were stolen, and many meme coins crashed sharply early this morning. Security firms have not yet determined the exact amount stolen; community rumors put current losses at more than 16 million US dollars.
DEXX founder Roy said this morning that he would compensate users for their losses. So far, many users have reported that their account assets have been moved to a safe address.
DEXX security vulnerability
After the DEXX theft, the community began to scrutinize this meme-only trading platform, whose rebate links had once been everywhere, and the KOLs (key opinion leaders) who promoted DEXX also drew users' anger.
Yu Xian, founder of the security firm SlowMist, said, "The people whose assets were stolen were all using DEXX to trade 'earth dogs' (low-cap meme coins) or speculate on memes. The private key was in DEXX's centralized custody and must have been leaked. As for how it leaked, investigation and disclosure are required."
The community found, from the export_wallet request visible in browser developer tools, that when a user exports their DEXX private key, the key is returned in plain text. This means the user's private key is actually held on DEXX's official server. If the connection were not encrypted, an attacker could intercept the private key in transit; even over HTTPS, transmitting the private key directly can still expose it through browser vulnerabilities or other client-side security issues.
Therefore, some users joked that "DEXX has redefined the non-custodial wallet."
In addition, the wallet application OneKey stated that DEXX has repeatedly requested the permission to "upload user clipboard content" and may have uploaded users' clipboard contents, warning: "If you have copied a private key or mnemonic on your phone, transfer your assets as soon as possible."
DEXX's audit was performed by CertiK, whose report gave DEXX a score of 59.31. That failing score reflects as many as 9 risks: the major "centralization" risk has not been resolved; of the four moderate risks, two have been resolved and two have not, including "vulnerable code"; and of the four minor risks, only one has been resolved.
Some users said that DEXX and the various trading bots are naked in terms of security. The project teams, without exception, share the same mentality: "Users don't understand or care anyway. There are lucky peers who do the same and haven't been stolen from. If I care, I'll have to pay a lot in R&D and user-experience costs, so I don't need to care."
Given that BananaGun and Unibot had previously suffered theft incidents, the answer for on-chain trading remains "Not Your Keys, Not Your Money".
Latest News and Investigation Progress
11-16 14:12
According to GoPlus security monitoring, phishing scams posing as rights-protection and compensation efforts, such as "rights protection community", "DEXX theft registration", and "DEXX compensation", have been found specifically targeting DEXX theft victims. Users should carefully verify such offers and must not upload private keys or mnemonics, or connect a wallet to "confirm", in order to avoid secondary losses.
11-16 14:02
SlowMist founder Yu Xian posted an update on the DEXX incident on social media, saying that SlowMist has received nearly 500 reports related to the DEXX theft. Analysis of the incident is still in progress. The preliminary judgment is that losses are already in the tens of millions of dollars (the prices of some meme coins fluctuate too much for a precise figure). Almost every victim has a different attacker address, indicating that the attacker planned this incident for a long time. The gas was sourced by exchanging from XMR three days ago.
11-16 13:27
CertiK, a blockchain security audit company, issued a statement saying that it has recently received a large number of requests for help from DEXX platform users, who reported that their account assets had been emptied. CertiK has verified that the security incident occurred on the Solana chain, but that chain is outside the scope of CertiK's audit of DEXX.
CertiK said the main cause of the incident was improper management of the DEXX platform's private keys, which led to the leakage of the official private keys.
11-16 12:30
SlowMist founder Yu Xian responded on social media to screenshots of an online rumor that "DEXX users have had a total of 488 million US dollars stolen", saying that in the DEXX case each victim corresponds to a different hacker address, so the stolen funds will not be concentrated in a single address.
Meme price update
11-16 08:56
According to GMGN market data, BAN, LUCE, PNUT and other meme coins have fallen to varying degrees, possibly affected by the DEXX theft. Among them:
· BAN has fallen by about 30% since the incident and is currently quoted at $0.126
· LUCE has fallen by about 20% since the incident and is currently quoted at $0.211
· PNUT has fallen by as much as 12.5% since the incident and is currently quoted at $1.72