Bitcoin DeFi application ALEX Lab suffered a significant security breach early Wednesday, resulting in the loss of over $4.3 million in various tokens. Security researchers from CertiK indicated that the attackers likely compromised a private key that controlled ALEX’s XLink bridge, which facilitates token transfers between different blockchains. The hacker managed to steal over $300,000 worth of Bitcoin (BTC), $3.3 million worth of stablecoins, and $75,000 worth of Sugar Kingdom (SKO) tokens.
ALEX Lab developers confirmed the breach via an X post during early European hours, asserting that they have identified the attacker. In response to the attack, ALEX Lab has offered the hacker a 10% bounty for the return of 90% of the stolen funds. The team stated, “ALEX Lab Foundation has identified the individual responsible for the recent security breach and is offering a resolution through a bounty arrangement.” They said that, upon compliance, there would be no further pursuit or law enforcement involvement. This offer is valid until May 18 at 0800 UTC.
To mitigate further misuse of the stolen funds, ALEX Lab has collaborated with major exchanges to freeze assets associated with the hacker, a measure intended to prevent the hacker from laundering or otherwise using them. Private key compromises remain a prevalent attack vector in the cryptocurrency space, with previous high-profile incidents like Ronin’s $650 million hack and Harmony’s $100 million hack underscoring the critical need for robust private key security.
ALEX Lab’s prompt response and the offer of a bounty highlight the ongoing challenges DeFi protocols face in securing their platforms against sophisticated cyber threats. The situation underscores the importance of enhanced security measures and the potential for community-driven solutions in addressing breaches and recovering assets.