Summary of DeFi Protocol Alex Lab $4 Million Hack Linked To North Korean Lazarus Group

Alex Lab, a Bitcoin-based DeFi protocol, disclosed fresh details about a hack it suffered in May. The project said it may have identified the attacker with the aid of a blockchain investigator, while law enforcement investigates the incident.

DeFi Protocol Suffers Losses Due To Phishing Attack

In mid-May, the Alex Lab Foundation was exploited, resulting in the loss of millions in users’ assets. The DeFi protocol disclosed that the attacker acquired private keys through a phishing scheme, which gave the attacker full access to the funds.

Using the compromised keys, the attacker accessed a vault linked to the Alex Liquidity Pool, compromising all assets within it. The affected assets included aBTC, sUSDT, XBTC, xUSD, ALEX, and others, totaling a substantial amount. However, the project said that its core smart contract code and infrastructure remained secure.

Upon becoming the administrator, the attacker withdrew around 13.7 million Stacks (STX), transferring 3 million to different centralized exchanges (CEXs) like Binance, Kraken, and others.

Lazarus Group Implicated In The Breach

As of June, Alex Lab had updated stakeholders on the status of the breach. Although its attempts to contact the perpetrator were unsuccessful, the DeFi protocol continued to pursue recovery of the stolen assets.

Subsequently, the team discovered that the hacker executed approximately 10,000 transactions within a month, dispersing STX tokens across numerous addresses and eventually funneling them to CEXs. The wallets tied to the exploit continue to grow daily, with millions worth of STX deposited to CEXs.

Recent investigations linked some exploit addresses to the Lazarus Group, a North Korean hacking entity. Detailed forensic analysis indicated a strong link between the attack and the Lazarus Group, with funds flowing through known Lazarus TRON addresses. Collaborative efforts with CEXs and law enforcement aim to recover lost assets and address the attack’s implications.
