CertiK, a prominent blockchain security audit company, has confirmed a significant security incident affecting the DEXX platform on the Solana blockchain network.
The security firm’s investigation revealed that the primary cause of the breach was inadequate private key management by the DEXX platform, which resulted in the compromise of official private keys.
While the incident occurred on the Solana chain, CertiK noted that the affected platform had not undergone their security audit process, highlighting the importance of professional security reviews in blockchain projects.
Scale of the Attack and Financial Impact
The security breach has resulted in substantial financial losses, with stolen funds reportedly reaching hundreds of millions of yuan.
According to Slow Mist founder Yu Xian, their team has received approximately 500 incident reports related to the DEXX theft.
Initial analysis indicates losses in the tens of millions of dollars, though precise quantification is complicated by significant token price fluctuations.
A notable aspect of the attack’s sophistication is that almost every victim corresponds to a different attacker address, suggesting a well-orchestrated operation that had been meticulously planned, with attackers preparing gas fees from XMR exchanges approximately three days before the execution.
Also Read: Binance Co-Founder CZ Reveals Hack on Giggle Academy’s Official X Account
Ongoing Criminal Activity and Secondary Threats
The situation remains active, with hackers continuing their malicious activities. Adding to the primary security breach, GoPlus security monitoring has identified several secondary threats in the form of phishing scams targeting affected users.
These scams are masquerading as legitimate services under names such as “Rights Protection Community,” “DEXX Stolen Registration,” and “DEXX Compensation.”
These fraudulent schemes specifically target victims of the initial DEXX theft, attempting to exploit their vulnerability for additional criminal gains.
Security Recommendations and Warnings
CertiK has issued strong recommendations emphasizing that secure storage and management of private keys are fundamental to maintaining asset security in blockchain projects.
Users are strongly advised to exercise extreme caution and vigilance, particularly regarding any communications or services claiming to offer assistance with recovery or compensation.
GoPlus security specifically warns users against uploading private keys or mnemonic phrases, or connecting their wallets to unverified services for “confirmation” purposes, as these actions could lead to secondary losses.
These warnings underscore the critical importance of maintaining strict security protocols and verifying the legitimacy of any recovery-related services in the aftermath of such security breaches.
Also Read: GIGA Token Crashes 10% As Hacker Dumps $6M Worth In Massive Selloff