Alex Protocol Loses $8.3 Million in DeFi Security Breach

On June 6, the Bitcoin decentralized finance (DeFi) platform Alex Protocol, operating on the Stacks blockchain, experienced a significant security breach. The exploit resulted in the loss of approximately $8.3 million in digital assets. The vulnerability was traced back to a flaw in the platform's self-listing verification logic, which allowed an attacker to drain liquidity from several asset pools. The stolen assets included about 8.4 million Stacks (STX) tokens, 21.85 Stacks Bitcoin (sBTC), 149,850 in USDC (USDC) and USDt (USDT), and 2.8 Wrapped Bitcoin (WBTC). This incident is notable as one of the largest exploits in the Stacks ecosystem to date.
In response to the breach, Alex Lab Foundation, the organization supporting the protocol, pledged to fully reimburse affected users using its treasury reserves. The compensation will be issued in USDC tokens, with reimbursement calculations based on the average onchain exchange rates between 10:00 am UTC and 2:00 pm UTC on the day of the attack. Affected wallets will receive an onchain notification by June 8, including a personalized claim form. Users must submit the completed form with a receiving wallet address by June 10. The team has committed to verifying submitted claims and distributing USDC payments within seven days. Users who do not receive a form are urged to contact the team via email.
The technical details behind the exploit have not been disclosed, but the team is expected to release a post-mortem report in the near future. This incident is not the first security breach for Alex Protocol. In May 2024, the platform suffered another exploit involving its crosschain bridge infrastructure, resulting in the unauthorized withdrawal of $4.3 million in crypto. The team suspected that this earlier incident was linked to the North Korean cybercrime group Lazarus and collaborated with blockchain analyst ZachXBT to trace the stolen assets. The repeated security incidents highlight the ongoing challenges faced by DeFi platforms in safeguarding user assets and maintaining trust within the ecosystem.

Comments
No comments yet