DEXX Incident Inspiration: How to Understand the Risks of Hosted Wallets
Editor
2024-11-29 22:03:01

The DEXX platform recently suffered a serious asset theft. DEXX is a comprehensive multi-chain on-chain trading tool that supports fast trading, anti-MEV, and strategy trading. It gave hundreds of thousands of users an extremely convenient trading experience during the memecoin market boom. However, on November 16, many users found that their account assets had been emptied.

The reason is that DEXX adopted a centralized form of asset custody similar to an exchange's, but did not adopt an asset management solution with a corresponding level of security. This architecture exposed almost all users' assets to risk.

This incident not only revealed the loopholes in DEXX's asset management, but also provided us with an opportunity to deeply understand the risks of custodial wallets.

The difference between custody accounts and self-custody accounts

Custody accounts: In traditional finance, centralized financial institutions have complete control over user assets, and users who want to redeem funds must submit a request to the institution. For example, the addresses that centralized exchanges assign to users are used only for deposits, and users have no operating permissions over them. All transactions, transfers, and withdrawals must be approved by the platform.

This means that the risk control level of the platform will greatly affect the security of user assets.

Self-custody account: A self-custody account uses a decentralized wallet and gives users full control over the ownership of their assets. After users generate a mnemonic phrase or private key in a trusted environment, they can transfer the assets held at the address without anyone's permission.

Whether the user exclusively possesses the private key or mnemonic phrase of the address is the key feature that distinguishes custody from self-custody.

The difference between the DEXX theft and an exchange theft

Exchange account theft usually falls into two situations: either control of the user's platform custody account is exposed, resulting in assets being illegally transferred, or the platform itself is hacked and the assets in the hot wallet are transferred out directly, or even the private key and mnemonic phrase of the cold wallet are stolen.

DEXX adopts a similar centralized account structure: users create addresses on the platform, and operating permissions over those addresses are shared with the users. Unlike a CEX, however, DEXX does not aggregate users' custodied funds into a few centralized addresses for secure management (such as cold storage, hot wallet isolation, and multi-signature management), which also creates the conditions for a single point of failure.

How users should avoid custody risks

The trade-off between security and convenience: Although the steps of traditional on-chain transactions are cumbersome, bypassing them in pursuit of trading opportunities increases risk. Users are therefore advised to use custody services in moderation and, with a full understanding of the risks, to keep their exposure within a tolerable range.

Don't trust blindly: Do not readily grant permissions over your address to other people or tools. In daily use, manage your permissions and avoid using suspicious applications or clicking unknown links.

Learn Web3 anti-fraud knowledge: Understanding common fraud techniques can help investors avoid most potential risks. Bitrace has written a Web3 anti-fraud manual to help ordinary investors improve their security awareness. You can access it by visiting this link: https://bitrace.io/en/blog

Conclusion

The DEXX incident shows that users must always remain vigilant while enjoying the convenience that blockchain technology brings. By understanding the risks of custodial wallets and taking corresponding preventive measures, investors will be better able to protect their own digital assets.
