Bitcoin DeFi Platform Alex Protocol Suffers $8.3M Exploit
Bitcoin DeFi platform Alex Protocol recently suffered a significant exploit, resulting in an $8.3 million loss of digital assets. The breach, attributed to a vulnerability in its self-listing verification logic, led to the draining of liquidity from various asset pools. This incident marks one of the largest exploits within the Stacks ecosystem.
Alex Protocol Hit By $8.3 Million Exploit
On June 6, Alex Protocol, a Bitcoin decentralized finance (DeFi) platform operating on the Stacks blockchain, experienced a major security breach. The exploit, which drained approximately $8.3 million in digital assets, was caused by a flaw in the platform's self-listing verification logic. This vulnerability allowed attackers to siphon liquidity from multiple asset pools.
Assets Compromised
The attackers successfully drained a variety of digital assets, including:
- 8.4 million Stacks (STX) tokens
- 21.85 Stacks Bitcoin (sBTC)
- 149,850 in USDC and USDt
- 2.8 Wrapped Bitcoin (WBTC)
Reimbursement Plan for Affected Users
In response to the exploit, the Alex Lab Foundation, the organization supporting Alex Protocol, has committed to fully reimbursing all affected users. The compensation will be issued in USDC tokens, with calculations based on the average on-chain exchange rates between 10:00 AM UTC and 2:00 PM UTC on the day of the attack.
Key steps for reimbursement:
- Affected wallets will receive an on-chain notification by June 8, including a personalized claim form.
- Users must submit the completed form with a receiving wallet address by June 10.
- The team will verify submitted claims and distribute USDC payments within seven days.
- Users who do not receive a form are advised to contact the team via email.
Previous Security Incidents
This is not the first time Alex Protocol has faced a significant security incident. In May 2024, the platform suffered an exploit involving its cross-chain bridge infrastructure, leading to an unauthorized withdrawal of $4.3 million in crypto. The team suggested that the May exploit was likely linked to the North Korean cybercrime group Lazarus, collaborating with blockchain analyst ZachXBT to trace the stolen assets.