Bitcoin DeFi Protocol ALEX Lab links $4 Million Exploit to Lazarus Group
ALEX Lab, a Bitcoin DeFi protocol, announced that the $4 million lost in various tokens to a hacking incident on May 15, 2024, was most likely linked to the North Korea-backed cyber hacking entity known as Lazarus Group.
Update on the ALEX Incident Investigation
— ᛤ ALEX 🟧 THE Finance Layer on Bitcoin ᛤᛤᛤ (@ALEXLabBTC) June 25, 2024
Dear ALEX Community,
We wish to share an important update on the ALEX incident investigation from last month, which resulted in unauthorized access and the loss of funds. We understand the severity of this issue and are committed to full…
ALEX Lab revealed this in an X post on Tuesday addressing the ALEX community on the update on the ALEX Incident Investigation. The Bitcoin DeFi application said that “We would like to provide a significant update on the investigation into the ALEX incident that occurred last month, which led to funds being lost and unauthorized access. We are devoted to complete transparency in our continuing response and recognize the severity of this issue.”
Furthermore, ALEX Lab explained how it identified the potential attacker, Lazarus Group. The firm said, “There is substantial transaction evidence linking the attack to the Lazarus Group following extensive forensic analysis and investigations facilitated by blockchain analyst ZachXBT, who provided crucial assistance on transaction tracing.”
Looking at the detailed transaction evidence, the team detailed in the post two blockchain addresses and transactions that were crucial in tracing the culprits and the flow of stolen assets. The first, which was the Initial Exploit Link Address (0x418e337774d26365efeaa4700e889a9746330c4e), is directly linked to the XLink/ALEX Exploit, and the second is the address funds were sent to (0x639F61cA3E0e3fDCd654DC4A22579e7382dEBeA3), which is believed to be a known Lazarus TRON address connected to the hacking entity.
“We are working closely with cybersecurity specialists and international law enforcement to resolve the implications of this attack and retrieve lost assets. We are putting in place stronger security measures to protect our platform from similar attacks,” Alex Lab said.
Alex Lab revealed on X on May 16 that it had experienced an exploit utilizing hacked private keys that were acquired through a phishing scam. At that time, the project stated, "The exploiter was able to drain some assets from the ALEX protocol." It also stated that the smart contract code and infrastructure underlying the Bitcoin DeFi Protocol were not compromised, and a portion of the stolen assets have been identified and are in the process of being recovered from one of the centralized exchanges.
Disclaimer: This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.