Bitcoin-Based DeFi Protocol Alex Lab Identifies Hacker Behind $14 Million STX Theft

• Bitcoin-based DeFi protocol, Alex Lab, recently disclosed new information regarding a security breach it encountered in May.
• The project believes it has potentially identified the attacker, leveraging blockchain forensics and ongoing police investigations.
• Significant financial losses and rapid forensic advancement underline the gravity and sophistication of the incident.

Discover the latest about Alex Lab’s hack investigation, revealing potential links to the infamous Lazarus Group. Stay informed on how the DeFi sector navigates complex security challenges.

Major DeFi Exploit Costs Alex Lab Millions

On May 15, Alex Lab Foundation found itself victimized by a severe phishing exploit, which resulted in a loss of millions from users’ funds. The attacker successfully obtained critical private keys through a well-orchestrated phishing scheme, granting them complete access to the protocol’s vaults.

This breach led to the unauthorized access and draining of numerous assets, including aBTC, sUSDT, XBTC, and several others. Fortunately, the core smart contract code and primary infrastructure remained secure, unaffected by the exploit.

The attacker managed to siphon off around 13.7 million Stacks (STX), with approximately 3 million STX distributed across multiple centralized exchanges like Binance, Kraken, OKX, Bybit, and Kucoin.

By May 16, Alex Lab had recovered a substantial portion of the compromised assets and was actively monitoring the exploiter’s wallets, having already alerted the involved exchanges.

Efforts to Recover Stolen Funds

The protocol reported that around $4 million worth of stolen funds were in the recovery phase, being traced back through centralized exchange channels. However, Alex Lab cautioned that retrieving all the stolen funds might not be possible, despite ongoing efforts.

Investigation Points to Lazarus Group

In a significant update on June 17, Alex Lab informed investors about new developments in the investigation. Despite attempts to engage with the exploiter, the DeFi protocol continued tracking the stolen assets.

Over the month, the attacker executed nearly 10,000 transactions, creating numerous new addresses to disperse the on-chain STX tokens, which were then transferred to centralized exchanges in smaller increments.

The sophistication of the exploit was evident as new wallets linked to the event multiplied daily. As of last week, around 8.3 million STX had been funneled into exchanges, with approximately 5.5 million STX still observable on-chain.

Forensic Analysis and Attribution

By June 24, critical progress was announced. Collaborating with blockchain analyst ZachXBT, Alex Lab revealed that forensic analysis had potentially identified the attacker as the notorious North Korean hacking conglomerate, Lazarus Group.

The initial analysis suggested that an address associated with the exploit forwarded funds to another address, which is linked to known Lazarus Group operations on the TRON network.

Alex Lab has facilitated communication between the centralized exchanges and the Singapore Police Force, aiming to address the implications of this cyber-attack comprehensively and recover the lost assets. The protocol continues to work alongside cybersecurity experts to mitigate the impact and improve defenses against future threats.

Conclusion

The Alex Lab hack serves as a stark reminder of the vulnerabilities in the DeFi sector. While the project has made strides in recovering some of the stolen assets and identifying possible suspects, the incident underscores the need for enhanced security measures and cooperation within the crypto community. The ongoing investigation and collaboration with global authorities reflect an industry-wide commitment to safeguarding user funds and maintaining trust in decentralized finance platforms.