XT.COM’s Post-Mortem on the November 2024 Wallet Security Incident

April 12, 2025, 01:46 XT.COM

In late November 2024, XT.COM—one of the world’s leading cryptocurrency exchanges—detected an abnormal transfer involving approximately 1 million USDT (across multiple currencies) from a platform-owned wallet (on-chain address: 0xdb3ded7731c781224ec292e2163d9554c094fd7c). While the incident involved only XT.COM's internal assets and no user funds were affected, the event prompted an immediate and comprehensive security response.

This post-mortem provides a full breakdown of the incident, including its impact, root causes, timeline, and the corrective actions taken to safeguard our infrastructure and uphold the trust of our global user base.

 

Summary

  • Incident Date & Time: November 28, 2024, around 08:23 UTC.
  • Nature: An abnormal transfer from XT.COM’s platform-owned wallet.
  • Affected Assets: Approximately 1 million USDT (spread across 12 currencies).
  • User Impact: No user funds were compromised as these assets belonged solely to XT.COM.
  • Status: The issue was contained and resolved. XT.COM has further strengthened its internal protocols as a preventative measure.

 

Impact

Financial: The transferred assets were owned exclusively by XT.COM and did not affect user balances or trading.

Platform Operations: To minimize risk, XT.COM temporarily suspended withdrawals, leading to short-term inconvenience but ensuring a safe environment while the incident was investigated.

User Trust: XT.COM communicated promptly with stakeholders, maintaining transparency throughout to uphold confidence in our exchange.

 

Root Causes

Potential Security Loophole

A vulnerability in wallet management workflows allowed for an abnormal transfer without immediate detection.

Legacy internal checks did not fully account for unexpected outgoing transfers of certain token types, prompting a deeper review of multi-token wallet infrastructure.

Heightened On-Chain Activity

During periods of high on-chain volume, previously unexposed inefficiencies in monitoring systems may surface. Similar to situations seen across the industry during blockchain congestion events, resource contention in validation and alerting processes can hinder real-time defenses.

Latency in Automated Response

Although our security systems flagged the transfer quickly, initial alerts required manual correlation. This slight delay, while brief, allowed for some asset movement before automated interception could fully take effect.

 

Trigger

Unusual Transfer Attempt

A transfer request from the impacted wallet triggered automated alarms. Subsequent logs indicated that multiple tokens were swept out rapidly, raising suspicion and prompting an urgent security response.

 

Detection

Automated Monitoring Systems

XT.COM’s internal security platform detected and flagged the abnormal outgoing transactions.

Immediate Alert

At 08:25 UTC, the Security Operations Center (SOC) was notified, initiating the isolation of the affected wallet and halting external transfers from related systems.

 

What Went Wrong

Insufficient Real-Time Correlation

While alerts were generated promptly, additional cross-layer validation steps slightly delayed full enforcement of automated security controls.

Complex Multi-Token Transactions

Simultaneously handling various token standards and transfer mechanisms introduces operational complexity. When under stress, systems that are not optimized for high-volume multi-asset tracking can experience reduced efficiency in transaction validation.

Limited Cache & Replay Mechanisms

In some parts of the infrastructure, transaction replay validation was triggered multiple times for the same data. This contributed to performance drag during the critical response window. These redundant checks, while designed for accuracy, highlighted opportunities to optimize caching logic in abnormal event scenarios.

 

Where We Got Lucky

Rapid Isolation

Within minutes, the affected wallet was quarantined, preventing any further unauthorized activity.

Strong Reserves

XT.COM maintains 1.5× user assets in reserve, ensuring ample coverage of all customer funds.

No Impact on Users

Because the stolen or misdirected assets were XT.COM property, no user holdings were compromised.

No Extended Downtime

Withdrawals were suspended briefly but fully restored once security checks confirmed no ongoing threat.

 

Lessons Learned

Stress Testing & Scalability

This event reinforces the importance of rigorous, real-world stress testing. Systems must be validated not only under normal conditions but also under unexpected, high-pressure loads that reflect today's dynamic on-chain environments.

Improved Cross-Validation

XT.COM is refining how different components of its monitoring infrastructure communicate with one another. This ensures that any anomaly—especially across wallet, blockchain node, and risk control systems—can trigger immediate and unified mitigation.

Enhanced Forensic Tooling

Post-incident analysis revealed the need for more advanced correlation tools across token types. XT.COM is enhancing its forensic and audit systems to support faster, more granular post-event investigation.

 

Fixes Implemented

Refined Wallet Access Controls

XT.COM has updated internal policies to automatically block any unexpected high-value or high-volume transfers until verified by a multi-signature protocol.
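The hold-then-approve control just described, shown as an added example rather than XT.COM's own code: a policy gate allows routine transfers, holds anything over a per-token value limit (or of an unknown token, or beyond a rolling-window transfer count) and releases a held transfer only once M distinct authorised approvers have signed off. The thresholds, token names and approver identities are constructed assumptions.

```python
"""Outgoing-transfer policy gate with a multi-signature hold.

Added example (not XT.COM's implementation) of the control described
above: a transfer is allowed only if it is within the per-token value
limit and the wallet's rolling-window volume limit; anything else is
held until M distinct authorised approvers release it. Thresholds,
token names and approver identities are constructed assumptions.
"""
from collections import deque
from dataclasses import dataclass, field
from enum import Enum
from typing import Deque, Dict, FrozenSet, Optional, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"
    HOLD_FOR_MULTISIG = "hold_for_multisig"


@dataclass
class Hold:
    """A transfer parked until the approval quorum is reached."""
    wallet: str
    token: str
    amount: float
    approvals: Set[str] = field(default_factory=set)  # set: one vote per approver


@dataclass
class TransferPolicy:
    max_single: Dict[str, float]   # per-token single-transfer limit (assumed values)
    max_count: int                 # max outgoing transfers per wallet per window
    window_seconds: int
    required_approvals: int        # M in M-of-N
    approvers: FrozenSet[str]      # the N authorised approvers
    holds: Dict[int, Hold] = field(default_factory=dict)
    _history: Dict[str, Deque[int]] = field(default_factory=dict)

    def evaluate(self, wallet: str, token: str, amount: float, ts: int
                 ) -> Tuple[Decision, Optional[int]]:
        """Return (ALLOW, None) or (HOLD_FOR_MULTISIG, hold_id)."""
        q = self._history.setdefault(wallet, deque())
        while q and ts - q[0] >= self.window_seconds:  # expire entries outside the window
            q.popleft()
        q.append(ts)
        limit = self.max_single.get(token)
        # An unknown token has no limit on file, so it fails closed instead of passing.
        over_value = limit is None or amount > limit
        over_volume = len(q) > self.max_count
        if over_value or over_volume:
            hold_id = len(self.holds) + 1
            self.holds[hold_id] = Hold(wallet, token, amount)
            return Decision.HOLD_FOR_MULTISIG, hold_id
        return Decision.ALLOW, None

    def approve(self, hold_id: int, approver: str) -> bool:
        """Record one approval; True once the quorum is met. Repeat votes do not count."""
        if approver not in self.approvers:
            raise PermissionError(f"{approver} is not an authorised approver")
        hold = self.holds[hold_id]
        hold.approvals.add(approver)
        return len(hold.approvals) >= self.required_approvals


if __name__ == "__main__":
    # Constructed demo: one routine transfer, one over-limit transfer needing 2-of-3.
    policy = TransferPolicy(max_single={"USDT": 50_000, "ETH": 20}, max_count=3,
                            window_seconds=60, required_approvals=2,
                            approvers=frozenset({"ops-a", "ops-b", "ops-c"}))
    print(policy.evaluate("hot-1", "USDT", 1_000, 0))
    decision, hold_id = policy.evaluate("hot-1", "USDT", 60_000, 1)
    print(decision, policy.approve(hold_id, "ops-a"), policy.approve(hold_id, "ops-b"))
```

Failing closed on a token the policy does not know about is the point the root-cause section makes: checks that only understood certain token types let other tokens move without scrutiny.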

Upgraded Monitoring Infrastructure

We integrated an expanded caching and replay-check system to quickly detect repeated or suspicious transaction patterns.
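To make both ideas concrete, here is an added example (not XT.COM's monitoring stack) that serves this fix and the redundant replay-validation problem described under "What Went Wrong": replay validation is memoised per transaction id so the same data is checked once, and a sweep detector then runs over constructed log lines, raising one alert when several distinct tokens leave a single wallet inside a short window, the pattern the Trigger section describes. The log format, wallet labels and thresholds are assumptions.

```python
"""Multi-token sweep detection with a de-duplicated validation cache.

Added example (not XT.COM's code) for two points on this page: the same
transaction should be replay-validated once rather than once per consumer,
and many distinct tokens leaving one wallet within a short window is the
sweep pattern worth a single unified alert. Log format, wallet labels and
thresholds are constructed assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Deque, Dict, List, Tuple

# Constructed sample log (key=value, one outgoing transfer per line).
# tx 0xa3 appears twice, as it would when two consumers both emit it.
SAMPLE_LOG = """\
2024-11-28T08:22:10Z wallet=hot-01 token=USDT amount=15000 tx=0xa1
2024-11-28T08:23:02Z wallet=hot-01 token=USDT amount=400000 tx=0xa2
2024-11-28T08:23:05Z wallet=hot-01 token=ETH amount=120 tx=0xa3
2024-11-28T08:23:05Z wallet=hot-01 token=ETH amount=120 tx=0xa3
2024-11-28T08:23:09Z wallet=hot-01 token=LINK amount=30000 tx=0xa4
2024-11-28T08:23:14Z wallet=hot-01 token=UNI amount=9000 tx=0xa5
2024-11-28T08:40:00Z wallet=hot-02 token=USDT amount=2000 tx=0xb1
"""


@dataclass(frozen=True)
class Transfer:
    ts: int          # epoch seconds
    wallet: str
    token: str
    amount: float
    tx: str


@dataclass(frozen=True)
class SweepAlert:
    wallet: str
    tokens: Tuple[str, ...]
    start_ts: int
    end_ts: int


def parse_log(text: str) -> List[Transfer]:
    """Parse the constructed key=value log format into Transfer records."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        dt = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(Transfer(int(dt.timestamp()), kv["wallet"], kv["token"],
                            float(kv["amount"]), kv["tx"]))
    return out


class ValidationCache:
    """Memoise replay validation per tx id so repeated checks of the same data are skipped."""

    def __init__(self, validator: Callable[[Transfer], bool]):
        self._validator = validator
        self._results: Dict[str, bool] = {}
        self.validator_calls = 0  # how often the expensive check actually ran

    def validate(self, t: Transfer) -> bool:
        if t.tx not in self._results:
            self.validator_calls += 1
            self._results[t.tx] = self._validator(t)
        return self._results[t.tx]


def detect_sweeps(transfers: List[Transfer], window_seconds: int = 60,
                  min_tokens: int = 3) -> List[SweepAlert]:
    """Alert once per wallet when >= min_tokens distinct tokens leave it within the window."""
    alerts: List[SweepAlert] = []
    recent: Dict[str, Deque[Tuple[int, str]]] = defaultdict(deque)
    alerted = set()
    for t in sorted(transfers, key=lambda x: x.ts):
        q = recent[t.wallet]
        q.append((t.ts, t.token))
        while q and t.ts - q[0][0] > window_seconds:  # slide the window
            q.popleft()
        tokens = {tok for _, tok in q}
        if len(tokens) >= min_tokens and t.wallet not in alerted:
            alerted.add(t.wallet)  # one unified alert, not one per token
            alerts.append(SweepAlert(t.wallet, tuple(sorted(tokens)), q[0][0], t.ts))
    return alerts


def run_pipeline(text: str = SAMPLE_LOG) -> Tuple[List[SweepAlert], int, int]:
    """Return (alerts, validator invocations, log lines seen)."""
    transfers = parse_log(text)
    # Stand-in for real replay validation; the cache is what matters here.
    cache = ValidationCache(lambda t: t.amount > 0)
    valid = [t for t in transfers if cache.validate(t)]
    return detect_sweeps(valid), cache.validator_calls, len(transfers)


if __name__ == "__main__":
    for alert in run_pipeline()[0]:
        print(alert)
```

On the constructed log the validator runs six times for seven lines, and a single alert covers USDT, ETH and LINK leaving `hot-01` within 59 seconds; the later UNI transfer does not raise a second alert for the same wallet.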

Strengthened Security Architecture

Building on our existing 24/7 oversight, we introduced advanced threat detection modules aimed at spotting abnormal on-chain activity in near real-time.

Merkle Tree Asset Proof

A Merkle tree proof of XT.COM's holdings is scheduled for mid-December, enabling community members to independently verify XT.COM's on-chain holdings.
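An added illustration of how such a proof works, not XT.COM's published scheme: each balance becomes a domain-separated leaf hash, the tree root is published, and an account holder receives the sibling path needed to check that their balance is included under that root. The account ids, assets and balances below are constructed.

```python
"""Merkle-tree proof of inclusion for published balances.

Added example of the asset-proof mechanism described above; it is not
XT.COM's scheme. The leaf layout (account id, asset, balance in the
asset's smallest unit) and the sample balances are constructed.
"""
import hashlib
from typing import List, Tuple

# Constructed sample ledger: (account id, asset, balance in smallest unit).
SAMPLE_BALANCES = [
    ("acct-001", "USDT", 1_200_000_000),
    ("acct-002", "USDT", 5_000_000),
    ("acct-003", "ETH", 3_000_000_000_000_000_000),
    ("acct-004", "USDT", 90_000_000_000),
    ("acct-005", "BTC", 100_000_000),
]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(account: str, asset: str, balance: int) -> bytes:
    # 0x00 prefix separates leaves from internal nodes, so an internal
    # node hash can never be presented as a leaf (second-preimage trick).
    return _h(b"\x00" + f"{account}|{asset}|{balance}".encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """Return every level; levels[0] are the leaves, levels[-1] is [root].

    An unpaired last node is promoted unchanged rather than duplicated,
    which avoids the classic duplicate-leaf ambiguity.
    """
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels


def merkle_proof(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, str]]:
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sib], "L" if sib < index else "R"))
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: List[Tuple[bytes, str]], root: bytes) -> bool:
    """Recompute the root from a leaf and its sibling path; True if it matches."""
    h = leaf
    for sib, side in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == root


def demo(balances=SAMPLE_BALANCES, index: int = 1) -> Tuple[bool, bool]:
    """Return (genuine balance verifies, altered balance fails) for one account."""
    leaves = [leaf_hash(*b) for b in balances]
    levels = build_tree(leaves)
    root = levels[-1][0]
    proof = merkle_proof(levels, index)
    ok = verify_proof(leaves[index], proof, root)
    account, asset, balance = balances[index]
    forged = verify_proof(leaf_hash(account, asset, balance * 1000), proof, root)
    return ok, forged


if __name__ == "__main__":
    print(demo())  # a genuine balance verifies; an inflated one does not
```

The published root commits the operator to one set of balances; a user who receives the proof for their own leaf can check it offline against that root, and any change to a balance, an account id or the tree shape changes the recomputed root.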

User Education Campaigns

While user funds were never impacted, we continue to provide educational resources that help safeguard accounts from phishing and unauthorized access.

 

Timeline (Approximate, UTC)

2024/11/28 08:23

Abnormal Activity Detected

Automated systems identify suspicious outgoing transfers from the platform-owned wallet.

2024/11/28 08:25

Immediate Alert

The Security Operations Center (SOC) issues a high-priority warning. Related wallet systems are flagged.

2024/11/28 08:30

System Isolation

The affected wallet is quarantined to prevent additional unauthorized transactions.

2024/11/28 08:50

Temporary Suspension of Withdrawals

XT.COM halts all coin withdrawals to maintain integrity while the security team investigates.

2024/11/28 09:10

Initial Public Announcement

XT.COM informs the community of the incident, emphasizing that no user funds are at risk.

2024/11/28 10:00–17:00

Comprehensive Investigation

Internal teams collaborate with external security specialists, conducting forensic analysis and implementing immediate fixes.

2024/11/28 17:44

Media Coverage

Multiple outlets report on the incident. XT.COM reiterates that user holdings remain unaffected.

2024/11/29

Gradual Restoration of Withdrawals

After verifying the environment is secure, XT.COM begins to restore withdrawal services in phases.

 

Looking Ahead

This challenging incident has reinforced XT.COM’s commitment to proactive security measures, transparent communication, and industry-leading standards. We acknowledge that continuous vigilance is essential in the fast-evolving cryptocurrency landscape. Accordingly, we will remain focused on refining our internal processes to maintain a safe and reliable trading environment for all participants.

For further information on XT.COM’s enhanced security features, trading options, or to reach our 24/7 support team, please visit XT.COM or contact us at [email protected].

 

About XT.COM

Founded in 2018, XT.COM now serves nearly 7.8 million registered users, over 1,000,000 monthly active users and 40 million users in the ecosystem. Our comprehensive trading platform supports 800 high-quality tokens and 1000 trading pairs. XT.COM crypto exchange supports a rich variety of trading, such as spot trading, margin trading, and futures trading together with an aggregated NFT marketplace. Our platform strives to cater to our large user base by providing a secure, trusted and intuitive trading experience.
