Blockchain Security Alarm: Lessons from the DEXX Theft Incident
Miners
- tagwu
<div data-elementor-type="wp-post" data-elementor-id="55916" class="elementor elementor-55916" data-elementor-post-type="post">
<div class="elementor-element elementor-element-1c066891 e-flex e-con-boxed e-con e-parent" data-id="1c066891" data-element_type="container" data-settings="{"background_background":"classic"}">
<div class="e-con-inner">
<div class="elementor-element elementor-element-7a163f82 elementor-widget elementor-widget-heading" data-id="7a163f82" data-element_type="widget" data-widget_type="heading.default">
<p class="elementor-heading-title elementor-size-default">OVERVIEW</p> </div>
<div class="elementor-element elementor-element-40b37a77 e-con-full e-flex e-con e-child" data-id="40b37a77" data-element_type="container">
<div class="elementor-element elementor-element-5ea93636 elementor-widget elementor-widget-text-editor" data-id="5ea93636" data-element_type="widget" data-widget_type="text-editor.default">
<p>In recent years, the rise of blockchain technology has drawn significant capital and users, but the frequent occurrence of security breaches has eroded trust in the industry. On November 16, 2024, the cryptocurrency trading platform DEXX faced a major security breach, where thousands of users lost assets totaling an estimated $21 million. This incident underscores not only the flaws in platform security but also the weak awareness of user protection. This article delves into blockchain security challenges and proposes actionable solutions, using the DEXX theft as a case study.</p> </div>
</div>
</div>
</div>
<main class="elementor-element elementor-element-78ac9207 e-flex e-con-boxed e-con e-parent" data-id="78ac9207" data-element_type="container">
<div class="e-con-inner">
<div class="elementor-element elementor-element-6a595f3f e-con-full e-flex e-con e-child" data-id="6a595f3f" data-element_type="container">
<div class="elementor-element elementor-element-4b934603 elementor-widget elementor-widget-table-of-contents" data-id="4b934603" data-element_type="widget" data-settings="{"headings_by_tags":["h2"],"container":"main","exclude_headings_by_selector":[],"marker_view":"bullets","icon":{"value":"","library":""},"no_headings_message":"No headings were found on this page.","sticky":"top","sticky_on":["desktop","tablet"],"sticky_parent":"yes","min_height":{"unit":"px","size":"","sizes":[]},"min_height_tablet":{"unit":"px","size":"","sizes":[]},"min_height_mobile":{"unit":"px","size":"","sizes":[]},"sticky_offset":0,"sticky_effects_offset":0,"sticky_anchor_link_offset":0}" data-widget_type="table-of-contents.default">
<div class="elementor-toc__header">
<h4 class="elementor-toc__header-title">
Table of Contents </h4>
</div>
<div id="elementor-toc__4b934603" class="elementor-toc__body">
<div class="elementor-toc__spinner-container">
<svg class="elementor-toc__spinner eicon-animation-spin e-font-icon-svg e-eicon-loading" aria-hidden="true" viewBox="0 0 1000 1000" xmlns="http://www.w3.org/2000/svg"><path d="M500 975V858C696 858 858 696 858 500S696 142 500 142 142 304 142 500H25C25 237 238 25 500 25S975 237 975 500 763 975 500 975Z"></path></svg> </div>
</div>
</div>
</div>
<div class="elementor-element elementor-element-6c2fef9d e-con-full e-flex e-con e-child" data-id="6c2fef9d" data-element_type="container">
<div class="elementor-element elementor-element-23809d7b e-con-full e-flex e-con e-child" data-id="23809d7b" data-element_type="container">
<div class="elementor-element elementor-element-638b73f9 elementor-widget elementor-widget-heading" data-id="638b73f9" data-element_type="widget" data-widget_type="heading.default">
<h2 class="elementor-heading-title elementor-size-default">The Key Mismanagement: DEXX's Core Vulnerability</h2> </div>
</div>
<div class="elementor-element elementor-element-d3ebbfc e-con-full e-flex e-con e-child" data-id="d3ebbfc" data-element_type="container">
<div class="elementor-element elementor-element-407636b9 elementor-widget elementor-widget-text-editor" data-id="407636b9" data-element_type="widget" data-widget_type="text-editor.default">
<p>The most shocking revelation of <span style="color: #666699"><a style="color: #666699" href="https://www.chaincatcher.com/en/article/2152782" target="_blank" rel="nofollow noopener">the DEXX incident</a></span> was its plaintext storage and transmission of users’ private keys.</p>DEXX claimed to be a noncustodial platform, touting “complete user control over assets.” However, in reality, it centralized the storage of private keys on its servers and failed to encrypt them during export. This gross mismanagement violated the foundational blockchain principle of “Not Your Keys, Not Your Money,” leaving user assets wide open to exploitation by attackers.
Moreover, DEXX’s rapid growth was largely fueled by aggressive promotion from key opinion leaders (KOLs). The platform’s high commission rates, offering up to 60% of transaction fees, incentivized KOLs to endorse it on social media, even comparing it to wellestablished platforms like Binance.
While this strategy quickly brought in users, it lacked proper vetting of the platform’s security and compliance. Following the breach, many KOLs hastily deleted their promotional content, but the damage to users was irreversible
