DEXX platform suffers a major cyber attack, Crypto Assets market is hit.

On the night of November 16, a well-known decentralized trading platform suffered a severe cyber attack, resulting in the illegal transfer of a large amount of user assets. Preliminary estimates suggest that the platform may have lost up to tens of millions of dollars, with the total losses potentially reaching over one hundred million dollars.

A Web3 security expert pointed out that users' private key information has been leaked, but the specific leakage channel is still under investigation. This incident has severely undermined market confidence in the platform, with some even suspecting internal involvement. Although the truth is not yet clear, this large-scale fund theft incident has undoubtedly dealt a heavy blow to the recently active on-chain Meme market, while also reigniting concerns about the security of on-chain assets.

Latest Developments in Events

The trading platform holds an important position in the Meme coin market, providing trading and liquidity services for Meme tokens, and supports project launches, staking, and lending, forming a complete Meme financial ecosystem. The platform's daily trading volume ranks among the top in DEXs for a long time and is known as the on-chain "Binance" of the Meme coin market.

Preliminary investigations show that the scale of the stolen funds has reached over 100 million yuan, and the hackers are still continuing their crimes. Technical analysis reveals that the platform has serious security vulnerabilities:

1. Private key storage issue: Although it is a non-custodial platform, it records user private keys.
2. The private key is transmitted in plaintext during export, making it vulnerable to interception.

The platform founder Roy responded on social media that due to special reasons, he is temporarily unable to synchronize updates and asked for more time to address the issue. He stated that he would compensate users for their losses and has isolated some user accounts. However, as the amount stolen continues to rise, most users express skepticism, believing it might be a "self-directed theft" orchestrated by the platform.

The community has discovered that when exporting private keys, the private keys are presented in plaintext on this platform, meaning that user private keys are actually stored on the official server. If the communication is not encrypted, attackers may intercept user private keys during transmission. Even with HTTPS transmission, directly transmitting private keys may lead to the leakage of private data due to browser vulnerabilities or other security issues.

Impact on the Meme Coin Market

As a result of this event, several Meme coins have experienced varying degrees of decline:

• BAN dropped by about 30%
• LUCE dropped by about 20%
• PNUT fell by about 12.5% at most.

It is worth noting that this hacking attack may still be ongoing. As of the 17th, at least $13 million has been confirmed stolen, but the actual losses may far exceed this figure. In addition to the stablecoin USDT, a large number of recently popular Meme coins, such as $BAN, $Pnut, $BITCAT, and SOL, have also been stolen.

A Web3 security team has stated that they have currently collected around 2,800 victim addresses and analyzed over 9,000 transactions of stolen funds. According to their analysis, the stolen funds are still held in addresses controlled by hackers and have not yet been transferred. This means that the hackers' "ultimate goal" has not yet been revealed, which could have a greater impact on the Meme coin market and even the entire Crypto Assets market.

How to Safely Custody Funds

In view of the frequent occurrence of such events, investors must take the following measures to protect their assets:

1. Use a hardware wallet to store main assets
2. Distributed asset storage to avoid "single point of failure"
3. Choose a decentralized custody solution, such as a multi-signature wallet.
4. Review the security of the exchange or platform, and understand its fund custody mechanism.
5. Consider purchasing encryption insurance against hacker attacks

In addition, it should also be noted:

• Be cautious of recommendations from others and research the product mechanism thoroughly.
• Choose tools with a good reputation and a longer operational history.
• Be wary of online scams, do not click on unknown links or respond to unsolicited private messages.
• Transfer funds to a wallet under your control after large transactions.

Finally, it is recommended to re-read "The Dark Forest Survival Manual for Blockchain", always prioritizing security in the world of blockchain.