In this Bit market bull run, in addition to Bit repeatedly hitting new highs, the most closely watched is the meme coin (Memecoin) craze that has erupted on the public chain Solana, and the on-chain trading terminal DEXX has also been dubbed the "on-chain Binance", attracting many users' attention and becoming one of the most popular "on-chain meme" tools.
However, on the 16th, a large number of DEXX users posted screenshots on Twitter, claiming that their assets on DEXX were attacked by hackers and went to zero overnight. DEXX official later also acknowledged on Twitter that tokens of multiple users were transferred away:
DEXX has currently noticed the problem of users' tokens being transferred away, and multiple professional security audit teams are working on analysis and investigation. The team is working hard to resolve the issue, and there is no rug.
Cos(Cosine): Private keys must have been exposed
Regarding the DEXX incident, Cos(Cosine), the founder of the security agency Slow Mist, previously stated that it is highly likely that the users' private keys were exposed, but the specific way of exposure is still under investigation:
Pay attention to the DEXX trading tool, some users have been stolen, and several stolen users have requested us through various channels early in the morning, with losses ranging from large to small. The theft was concentrated in time, and the loss is estimated to be not small, with some users promptly withdrawing part of the funds. The group of victims is related to using DEXX for on-chain meme/MEME speculation, and the private keys belong to the centralized custody of DEXX, which must have been exposed, and the specific way of exposure is pending investigation and disclosure.
Pay attention to the DEXX trading tool, some users have been stolen, and several stolen users have requested us through various channels early in the morning, with losses ranging from large to small. The theft was concentrated in time, and the loss is estimated to be not small, with some users promptly withdrawing part of the funds. The group of victims is related to using DEXX for on-chain meme/MEME speculation, and the private keys belong to the centralized custody of DEXX, which must have been exposed, and the specific way of exposure is pending investigation and disclosure. https://t.co/Qwt5DwBU4b
— Cos(Cosine)
(@evilcos) November 16, 2024
How much was stolen?
As for the amount stolen, as of now, Cos(Cosine) has also stated on Twitter that based on the information he has collected from more than 500 victims, at least $13 million has been stolen:
We analyzed the stolen information submitted by more than 500 independent victims, with an estimated loss of about $13 million, of which:
. $500k - $1m: 1 victim
. $100k - $500k: 19 victims
. $10k - $100k: 178 victims
. < $10k: 203 victims
However, according to the current disclosure of Twitter users, the stolen funds may be far more than this amount, as in addition to the stablecoin USDT, there are also large amounts of the recently exploding meme coins, such as $BAN, $Pnut, $BITCAT tokens, as well as SOL being stolen, and some even claim that the affected funds have reached hundreds of millions of dollars.
Beosin Alert: Hackers have not yet transferred out the stolen funds
As for the funds stolen by the hackers, the Web3 security team Beosin Alert also posted on the 16th that the hackers have not yet transferred the funds out:
We have collected about 2,800 addresses from some of the victims, with more than 9,000 stolen transactions, and analyzed the funds from some of the stolen addresses, found that the stolen funds were deposited in the hacker's address and had not been transferred out yet.
We collected about 2,800 addresses from some of the victims, with more than 9,000 stolen transactions, and analysed the funds from some of the stolen addresses, found that the stolen funds were deposited in the hacker's address and had not been transferred out yet.#DEXX https://t.co/Y8kaI5iN8H pic.twitter.com/M6eJNg0Dwu
— Beosin Alert (@BeosinAlert) November 16, 2024
Official response: Discussing solutions
Currently, the DEXX official has not yet provided a specific explanation for the hacking incident, and the total amount of stolen funds cannot be confirmed, only responding on Twitter that:
1. The team has communicated with multiple law enforcement agencies to file a case
2. Hoping to communicate with the hacker
3. The Slow Mist team has intervened, and is investigating and calculating the losses of all users, as well as the flow of the hacker's funds
4. Discussing solutions for users
However, the community is not buying DEXX's response, with many users suspecting DEXX of self-stealing and accusing them of "thief catching thief". Some users also found that the funds stolen from many users were transferred to a single address, and they suspect this may be a platform isolation measure, but DEXX has not provided a clear explanation for this.
