ALEX, a decentralized finance (DeFi) project built on the Bitcoin network, has fallen victim to a $4.3 million attack. Although most of the stolen funds have been frozen by crypto exchanges, the ALEX team still extends a 10% bounty to the hacker in exchange for 90% of the stolen funds.
ALEX Parts Ways With $4.3M
Developed by the ALEX Labs, the protocol brings functionalities common to DeFi projects into the Bitcoin blockchain. This is possible because ALEX utilizes Stacks (STX), a smart contract-enabled blockchain layer linked to Bitcoin. The DeFi project allows users to trade, swap, hold, bridge, and stake BRC-20 tokens and other BTC-affiliated cryptocurrencies.
Hours ago, the project suffered a security breach on its XLink bridge, a channel connecting several blockchains compatible with the ALEX protocol. These blockchains include BNB Chain and Ethereum. Blockchain security firm CertiK pointed to “a possible private key compromise” as the root cause of the exploit. Among the assets stolen were Binance-pegged Bitcoin (BTCB), Sugar Kingdom (SKO), and stablecoins.
Addressing the issue, the ALEX team assured the public that it is working with exchanges and others to recover the funds. The ALEX Lab Foundation claimed to have pinpointed the attacker’s identity and has offered “a 10% bounty of the total stolen funds” if the hacker returns 90% of the assets before May 18th at 08:00 UTC. If the attacker complies before the deadline, no law enforcement agency will be involved.
Will Hacker Return Stolen Funds?
It currently remains uncertain whether the hacker will return the stolen funds. However, on-chain data shows that the hacker continues to transport the remaining funds in their custody. For example, the blockchain security firm PeckShield revealed that the attacker recently transferred 14.4 BTCB (worth over $903,000) and 2.75 million SKO (worth nearly $61,000) to a new wallet address.
This hack brings ALEX into the long list of crypto-based exploits performed by bad actors over the past few years.