Cosine: Over 1000 victims have submitted DEXX stolen form information to SlowMist
BlockBeats News: On November 25th, Cosine, the founder of SlowMist, posted on social media that "over 1000 victims have directly submitted DEXX stolen form information to us, and there are also many victims who have been contacted through various channels and our security team. The losses vary greatly, and the general statistical data has been disclosed before. However, there are still many that have not been submitted. We are continuing to conduct various complex cross analysis with DEXX officials and partners to avoid false positives and hope to collect as comprehensive information as possible. This is a complex task. Why is this analysis work so complex? Because the attacker assigned almost every victim a unique wallet address to receive funds. There is almost no capital intersection between these thousands (or even more), almost all of them are independent addresses, with EVM (covering ETH/BSC/Base chains), Solana, and it is currently uncertain whether there is Tron. These are all chains supported by the DEXX platform. There are three main types of false positives: 1. Intentionally or accidentally submitting errors. 2. When attackers steal coins in bulk (as can be seen from their on chain behavior, they have written very rough theft scripts), due to the rough script strategy, many of them did not steal completely in the first time, and many victims recovered their remaining assets (big or small) by themselves. At this time, there is a mixture of attacker addresses and victim addresses. This has also brought a lot of trouble to the analysis work. 3. The attacker intentionally contaminated several victim addresses (some victims contacted us proactively to request exclusion). We know everyone is very anxious. In addition to the DEXX official reporting to the police, several victims have also reported to the police. As a security company, SlowMist has an obligation to cooperate with law enforcement, and the content of law enforcement actions will not be disclosed without authorization. This must be understood. By the way, I would like to remind everyone to keep an eye on their corresponding attacker's wallet address and speak up if there are any changes