OKX’s Star Xu fires a shot at DEX products, calls for CEX-standard security

OKX CEO Star Xu has advice for decentralized exchange (DEX) products after a weekend of security risks being exposed in exploits. The exchange executive highlighted the need for them to meet the same rigorous standards that centralized exchanges (CEXs) are subjected to. 

According to Xu, a lot of existing DEX bot products require that users upload their private keys to centralized servers, where they are stored in plaintext or decryptable form.

In Xu’s estimation, he believes that it creates a centralized private key risk that elevates their vulnerability to the level of CEXs in the case of a compromise. Because of this, Xu says there is a need for such products to be able to meet exchange-level security standards to protect their users.

As far as he is concerned, products like DEXs and DEX bots are not truly self-custodial in the way they’re touted to be and, as a result, can potentially trigger regulatory obligations like KYC/AML in many jurisdictions as crypto continues to signal adoption.

OKX’s Star Xu fires a shot at DEX products

In Xu’s post, he outlines wallet compromise risks, including code vulnerabilities, data leakages, and device malware, while highlighting some solutions the team at OKX is working on to address these issues, like the concept of smart accounts.

According to documentation, smart accounts are a feature the team plans to introduce on the OKX wallet and will utilize TEE technology to automate trading custody keys, proving that security and usability don’t have to be mutually exclusive.

For now, Xu says OKX Pay is still a conceptual product. However, over the next year, he says the team will continue to introduce more powerful capabilities to better safeguard asset security for ordinary users.

Xu’s comment comes after hacking incidents reported by Cryptopolitan over the weekend that targeted DeBot, a DEX trading bot, and Flow, an L1 built for consumer apps, resulting in the loss of millions.

How much was lost in the Flow exploit?

According to a recent update from the Flow team, an attacker targeted a vulnerability in its execution layer and moved approximately $3.9M in assets off-network before validators caught it and executed a coordinated halt.

The Foundation’s security team confirmed $3.9 million got drained, primarily routed through bridges — Celer, Debridge, Relay, and Stargate.

The attacker’s wallet has been identified and flagged, and active laundering via Thorchain/Chainflip is reportedly being tracked in real-time with freeze requests submitted to Circle, Tether, and major exchanges. Forensic analysis is also ongoing.

The team claims containment is now complete as well, with the network halt validators implemented, severing exit paths while remediation is in progress. No further unauthorized activity is allegedly possible.

According to the post, the confirmed funds exited represent a manageable amount and do not threaten network solvency or user funds. As such, the immediate priority is remediation and a safe restart.

As for when a restart can be expected, the team claims there is already a protocol fix in place that is about to enter final validation. The restart is scheduled to happen within hours pending a successful testnet validation. However, it will not happen until the fix has been fully validated.

Get up to $30,050 in trading rewards when you join Bybit today