DEXX Incident Inspiration: Understanding Crypto Custody Risks

Recently, the DEXX platform experienced a severe asset theft crisis. As a multi-chain integrated on-chain trading tool, DEXX offers features such as quick transactions, MEV resistance, and strategy-based trading. Amid the booming memecoin market, it provided hundreds of thousands of users with a highly convenient trading experience. However, on November 16, many users discovered their account assets had been completely wiped out.

The issue stems from DEXX’s centralized asset custody model, similar to that of traditional exchanges, but lacking corresponding security measures for asset management. This architecture left almost all user assets exposed to significant risks.

This incident not only exposed vulnerabilities in DEXX’s asset management system but also provided an opportunity to deeply understand the risks associated with custodial wallets.

Difference Between Custodial and Self-Custodial Accounts

Custodial Accounts

In traditional finance, centralized institutions have complete control over users’ assets. Users must request withdrawals from the institution. For instance, centralized exchanges allocate addresses to users solely for deposits. Users do not have direct control over these addresses, and all transactions, transfers, and withdrawals require platform approval.

This means that the platform’s risk control capabilities heavily impact the safety of users’ assets.

Self-Custodial Accounts

Self-custodial accounts use decentralized wallet solutions, where users retain full ownership of their assets. After securely generating a seed phrase or private key in a trusted environment, users can transfer assets from their addresses without any third-party approval.

The key distinction between custodial and self-custodial accounts lies in whether users exclusively control the private key or seed phrase of the address.

Differences Between the DEXX Incident and Exchange Hacks

Exchange account breaches typically fall into two categories:

  1. Users’ platform custodial accounts are compromised, leading to unauthorized asset transfers.
  2. The platform itself is hacked, with assets in hot wallets directly stolen or private keys/seed phrases for cold wallets compromised.

DEXX adopted a similar centralized account structure, allowing users to create addresses on the platform and sharing operational permissions with them. However, unlike centralized exchanges (CEXs), DEXX did not consolidate user custodial funds into secure centralized addresses for management, such as through cold-hot wallet separation or multi-signature management. This created conditions for single points of failure.

How Users Can Mitigate Custodial Risks

Balance Security and Convenience:

While traditional on-chain transaction processes can be cumbersome, bypassing them for convenience may increase risks. Users should carefully evaluate custodial services and limit their exposure to risks within acceptable bounds.

Avoid Blind Trust:

Do not readily hand over address permissions to other people or to tools. Regularly manage your permissions and avoid using suspicious applications or clicking unknown links.

Learn Web3 Fraud Prevention:

Understanding common scams can help investors avoid most potential risks. Bitrace has published a Web3 Anti-Fraud Guide aimed at helping ordinary investors improve their security awareness. You can access it via this link: https://bitrace.io/en/blog.

Conclusion

The DEXX incident demonstrates that while enjoying the convenience of blockchain technology, users must remain vigilant. By understanding the risks of custodial wallets and adopting appropriate preventive measures, investors can better protect their digital assets.

Contact us:

Website: www.bitrace.io

Email: bd@bitrace.io

Twitter: @Bitrace_team

LinkedIn: @bitrace tech