Alex Protocol Loses $8.3 Million in Security Breach

Alex Protocol, a Bitcoin DeFi protocol, suffered a significant security breach on June 6, resulting in the loss of over $8.3 million in digital assets. The exploit targeted the protocol's liquidity pools on the Stacks blockchain, leveraging a vulnerability in the self-listing verification logic to siphon funds from multiple pools. The attacker successfully stole 8.4 million Stacks (STX) tokens, 21.85 Stacks Bitcoin (sBTC), 149,850 USDC, 149,850 USDt, and 2.8 Wrapped Bitcoin (WBTC). This incident marks one of the largest exploits on the Stacks network to date, raising concerns about the security of Bitcoin-native DeFi protocols.

The Alex Lab Foundation, which supports the protocol, has vowed to reimburse affected users in full. The reimbursement will be made in USDC, with onchain averages calculated between 10:00 and 14:00 UTC on the day of the exploit. Users will receive their individual onchain claim forms by June 8 and must resubmit them by June 10, along with a receiving wallet address. Successful claims will be processed within seven days. Users who do not receive their claim forms are encouraged to contact the Alex Protocol team via email for assistance.

This is the second major security exploit for Alex Protocol in two months. In May 2024, the platform experienced another breach involving its crosschain bridge, resulting in a loss of $4.3 million. The earlier exploit was suspected to have been carried out by the North Korean Lazarus Group. The team collaborated with blockchain researcher ZachXBT to trace the funds and wallets involved in the incident. Despite these setbacks, Alex Protocol has not released a technical breakdown of the June exploit but has promised a full post-mortem report. The breach underscores the existing weaknesses in building Bitcoin DeFi infrastructure and the urgent need for enhanced security practices.