Recently, the DEXX platform suffered a serious asset theft. As a multi-chain on-chain trading tool, DEXX supports quick trading, anti-MEV, strategy trading and other functions, and during the memecoin market boom it gave hundreds of thousands of users an extremely convenient trading experience. However, on November 16, many users found that their account assets had been emptied.
The root cause is that DEXX adopted an exchange-style centralized custody model, but without an asset-management scheme of the matching security level. This architecture exposed almost all users' assets to risk.
This incident not only reveals the loopholes in DEXX's asset management, but also provides us with an opportunity to deeply understand the risks of custodial wallets.
Differences between Custodial Accounts and Self-Custody Accounts
Custodial Accounts: In traditional finance, centralized institutions have complete control over user assets, and users must apply to the institution to redeem funds. For example, the addresses a centralized exchange assigns to users are used only for deposits; users have no permission to operate them. All transactions, transfers, and withdrawals must be approved by the platform.
This means that the risk control level of the platform will greatly affect the security of user assets.
Self-Custody Accounts: Self-Custody accounts use decentralized wallet solutions, and users have full control over the ownership of their assets. After users generate mnemonics or private keys in a trusted environment, they can transfer assets in the address without anyone's permission.
Whether the user exclusively controls the private key or mnemonic of the address is the key feature that distinguishes custody from self-custody.
How the DEXX theft differs from exchange thefts
Exchange account thefts usually fall into two categories: either control of a user's platform custody account is exposed, leading to unauthorized transfer of that user's assets, or the platform itself is hacked, the assets in its hot wallet are transferred out directly, and in the worst case even the private keys and mnemonic phrases of its cold wallets are stolen.
DEXX adopts a similar centralized account architecture: users create addresses on the platform, and the platform shares operating permission over those addresses with the user. Unlike a CEX, however, DEXX does not sweep custodied funds into a small number of centralized addresses managed with security controls such as cold/hot wallet isolation and multi-signature management. That omission creates the conditions for a single point of failure: whoever controls the platform's key material controls every user's address at once.
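To make the single-point-of-failure argument concrete, here is an added illustrative model (not DEXX's code, and not any exchange's real treasury logic). It compares the amount of user funds exposed when one key store is compromised under two architectures: per-user hot keys all held by the platform, versus pooled funds with a small hot wallet and an M-of-N approval requirement for the cold wallet. The HMAC "approvals" stand in for multisig signatures, and the balances, key counts and 10%/90% hot/cold split are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class PerUserHotKeys:
    """Architecture A (the DEXX-style model described above): the platform
    generates a signing key for every user address and keeps all of them
    in one key store."""
    accounts: dict  # user id -> (secret key bytes, balance)

    def exposure_if_keystore_compromised(self) -> float:
        # Every key sits in the same store, so every balance is reachable at once.
        return sum(balance for _, balance in self.accounts.values())


@dataclass
class PooledTreasury:
    """Architecture B (CEX-style): deposits are swept into a pooled treasury;
    a small hot wallet serves routine withdrawals, and the cold wallet only
    moves with M of N independent approvals."""
    hot_balance: float
    cold_balance: float
    approver_keys: list   # N secrets held by separate people or devices
    threshold: int        # M approvals required for a cold-wallet withdrawal

    def approve(self, approver_index: int, request: str) -> str:
        # Stand-in for a multisig signature: an HMAC over the request text
        # under that approver's secret (constructed for this example).
        key = self.approver_keys[approver_index]
        return hmac.new(key, request.encode(), hashlib.sha256).hexdigest()

    def cold_withdrawal_allowed(self, request: str, approvals) -> bool:
        # approvals: iterable of (approver_index, tag); count distinct valid approvers,
        # so one approver signing twice does not satisfy the threshold.
        valid = set()
        for idx, tag in approvals:
            if idx in valid or not 0 <= idx < len(self.approver_keys):
                continue
            expected = self.approve(idx, request)
            if hmac.compare_digest(expected, tag):
                valid.add(idx)
        return len(valid) >= self.threshold

    def exposure_if_compromised(self, approver_keys_stolen: int) -> float:
        # Loss is bounded by the hot wallet unless the attacker also holds
        # enough approver keys to meet the cold-wallet threshold.
        exposed = self.hot_balance
        if approver_keys_stolen >= self.threshold:
            exposed += self.cold_balance
        return exposed


def build_sample():
    """Constructed sample: ten users with 1000 units each in both architectures."""
    users = {f"user{i}": (secrets.token_bytes(32), 1000.0) for i in range(10)}
    per_user = PerUserHotKeys(accounts=users)
    total = sum(balance for _, balance in users.values())
    # The same deposits pooled: 10% hot, 90% cold, 2-of-3 approvers (assumed split).
    pooled = PooledTreasury(
        hot_balance=0.1 * total,
        cold_balance=0.9 * total,
        approver_keys=[secrets.token_bytes(32) for _ in range(3)],
        threshold=2,
    )
    return per_user, pooled


if __name__ == "__main__":
    per_user, pooled = build_sample()
    print("A: key store compromised ->", per_user.exposure_if_keystore_compromised())
    print("B: hot key + 1 approver key ->", pooled.exposure_if_compromised(1))
    print("B: hot key + 2 approver keys ->", pooled.exposure_if_compromised(2))
    req = "move 500 units from cold to hot (constructed request)"
    approvals = [(0, pooled.approve(0, req)), (2, pooled.approve(2, req))]
    print("B: 2-of-3 cold withdrawal accepted ->", pooled.cold_withdrawal_allowed(req, approvals))
```

In architecture A the whole user base is lost the moment the key store leaks; in architecture B the same leak of one component is capped at the hot-wallet balance, and draining the cold wallet additionally requires compromising two of the three independently held approver secrets. The model ignores on-chain details on purpose; the point is that isolation and a threshold turn one compromise into a bounded loss.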
How should users avoid custody risks?
Trade-off between security and convenience: The traditional on-chain transaction flow is cumbersome, but skipping those steps in pursuit of trading opportunities raises the risk. Users are therefore advised to use custodial services only after fully understanding the risks, and to keep the funds placed in them within an acceptable loss limit.
Don't trust blindly: Don't easily give your address permissions to others or tools. In daily use, you should manage your permissions and avoid using suspicious applications or clicking on unknown links.
Learn Web3 anti-fraud knowledge: Understanding common fraud methods can help investors avoid most potential risks. Bitrace has compiled a Web3 anti-fraud manual to help ordinary investors improve their security awareness. You can visit this link to get it: https://bitrace.io/en/blog
Conclusion
The DEXX incident shows that when enjoying the convenience brought by blockchain technology, we must always be vigilant. By understanding the risks of custodial wallets and taking corresponding preventive measures, investors will be able to better protect their digital assets.