Lessons from the DEXX Incident: How to Understand the Risks of Custodial Wallets


Whether the user has exclusive control over the private key of the address

Author: Bitrace

Recently, the DEXX platform suffered a serious asset theft. As a cross-chain on-chain trading tool, DEXX supports quick trading, anti-MEV and strategy trading functions, and amid the memecoin boom it gave tens of thousands of users a highly convenient trading experience. However, on November 16, many users found that their account assets had been emptied.

The root cause is that DEXX adopted a centralized asset custody model similar to that of an exchange without adopting an asset management solution of a corresponding security level, so this architecture left almost all users' assets exposed to risk.

This event not only reveals the vulnerabilities in DEXX's asset management, but also provides us with an opportunity to deeply understand the risks of custodial wallets.

Difference between custodial and self-custodial accounts

Custodial account: In traditional finance, centralized financial institutions have complete control over user assets, and users must apply to the institution to redeem funds. Centralized exchanges, for example, allocate addresses to users for deposits only; users have no operating permission over them, and all trading, transfer and withdrawal activities must be approved by the platform.

This means that the platform's risk control level will largely affect the security of user assets.

Self-custodial account: Self-custodial accounts are decentralized wallet solutions where users have full ownership of their assets. After generating a seed phrase or private key in a trusted environment, users can transfer the assets in the address without the permission of any third party.

Whether the user has exclusive control over the private key or seed phrase of the address is the key feature that distinguishes custodial and self-custodial accounts.

Difference between DEXX being hacked and an exchange being hacked

Exchange account theft usually falls into two categories: either the credentials controlling a user's custodial account on the platform are exposed and the assets are transferred out illegitimately, or the platform itself is breached and the assets in the hot wallet are transferred out directly, in the worst case along with the private keys or seed phrases of the cold wallet.

DEXX adopted a similar centralized account architecture: users create addresses on the platform, and the platform shares operating permission over those addresses with them. Unlike a CEX, however, DEXX did not centrally manage the custodied user funds with controls such as hot/cold wallet isolation and multi-signature management, which created the conditions for a single point of failure.
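To make the two points above concrete, namely that whoever holds the key controls the funds, and that pooling all funds behind one key creates a single point of failure, the following Python model compares the blast radius of a key compromise under a single-key custody design and under a hot/cold design with a 2-of-3 threshold on the cold vault. This is an added example, not code from the original article, from DEXX or from Bitrace; the balances are constructed numbers, and HMAC-SHA256 with a secret key stands in for a real on-chain signature scheme so the model runs on the standard library alone.

```python
"""Toy model of custody architectures and the blast radius of a key compromise."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# HMAC-SHA256 with a secret key stands in for a real signature scheme
# (ECDSA/Ed25519) so the model runs on the standard library alone.
def new_key() -> bytes:
    return secrets.token_bytes(32)

def sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, message), signature)

@dataclass
class Vault:
    name: str
    balance: int      # units of the custodied asset (constructed numbers)
    keys: list        # keys authorized to approve withdrawals from this vault
    threshold: int    # distinct authorized keys that must sign (1 = single key)

    def withdrawal_message(self, amount: int) -> bytes:
        return f"{self.name}:withdraw:{amount}".encode()

    def authorize(self, amount: int, signatures: list) -> bool:
        """True if at least `threshold` distinct authorized keys signed this withdrawal."""
        if amount > self.balance:
            return False
        message = self.withdrawal_message(amount)
        # Count each authorized key at most once, so duplicate signatures do not help.
        approvals = sum(
            1 for key in self.keys if any(verify(key, message, s) for s in signatures)
        )
        return approvals >= self.threshold

def exposure_if_compromised(vaults: list, compromised: list) -> int:
    """Blast radius: total balance that could be moved by whoever holds exactly these keys."""
    exposed = 0
    for vault in vaults:
        message = vault.withdrawal_message(vault.balance)
        signatures = [sign(key, message) for key in compromised]
        if vault.authorize(vault.balance, signatures):
            exposed += vault.balance
    return exposed

def single_key_custody(total: int = 1_000_000):
    """Pooled model with no segregation: one operational key controls all funds."""
    ops_key = new_key()
    vaults = [Vault("pooled-hot", total, [ops_key], threshold=1)]
    return vaults, {"ops": ops_key}

def segregated_custody(total: int = 1_000_000, hot_share_percent: int = 5):
    """Hot/cold isolation: a small hot float under one key, the rest behind 2-of-3."""
    hot_key = new_key()
    cold_keys = [new_key() for _ in range(3)]
    hot_balance = total * hot_share_percent // 100
    vaults = [
        Vault("hot", hot_balance, [hot_key], threshold=1),
        Vault("cold", total - hot_balance, cold_keys, threshold=2),
    ]
    return vaults, {"hot": hot_key, "cold": cold_keys}

def compare() -> dict:
    """Exposure (in asset units) for each loss scenario under both designs."""
    single, sk = single_key_custody()
    seg, segk = segregated_custody()
    return {
        "single_key_one_key_lost": exposure_if_compromised(single, [sk["ops"]]),
        "segregated_hot_key_lost": exposure_if_compromised(seg, [segk["hot"]]),
        "segregated_hot_plus_one_cold_lost": exposure_if_compromised(
            seg, [segk["hot"], segk["cold"][0]]
        ),
        "segregated_two_cold_lost": exposure_if_compromised(seg, segk["cold"][:2]),
    }

if __name__ == "__main__":
    for scenario, amount in compare().items():
        print(f"{scenario}: {amount}")
```

Running the model shows the difference in risk exposure: under the pooled design, losing the single operational key exposes the full balance, whereas under the segregated design losing the hot key (or the hot key plus one cold key) exposes only the hot float, and the cold balance moves only when two of the three cold keys are lost together. The same `authorize` check also expresses the custodial/self-custodial distinction: the party whose keys satisfy the threshold is the party that actually controls the funds, regardless of whose name the address is in.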

How users should avoid custodial risks

  • Balance between security and convenience: Although the traditional on-chain transaction steps are cumbersome, bypassing these steps in pursuit of trading opportunities will increase the risk. Therefore, it is recommended that users, on the basis of fully understanding the risks, appropriately use custodial services and limit the risk exposure within their tolerance.
  • Do not blindly trust: Do not easily hand over your address permissions to others or tools. In daily use, you should manage your own permissions and avoid using suspicious applications or clicking on unclear links.
  • Learn Web3 anti-fraud knowledge: Understanding common fraud tactics can help investors avoid most potential risks. Bitrace has written a Web3 anti-fraud handbook to help ordinary investors raise their security awareness; it is available at this link: https://bitrace.io/en/blog

Conclusion

The DEXX incident shows that while enjoying the convenience brought by blockchain technology, we must always be vigilant. By understanding the risks of custodial wallets and taking corresponding preventive measures, investors will be better able to protect their digital assets.

Disclaimer: As a blockchain information platform, the articles published on this site only represent the personal views of the authors and guests, and are not related to the position of Web3Caff. The information in the articles is for reference only and does not constitute any investment advice or offer, and please comply with the relevant laws and regulations of your country or region.
