Coindesk Logo

Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

The ALEX team proposed a 10% bounty on the total stolen funds in exchange for the return of 90% of assets.

The ALEX team proposed a 10% bounty on the total stolen funds in exchange for the return of 90% of assets.

The ALEX team proposed a 10% bounty on the total stolen funds in exchange for the return of 90% of assets.

AccessTimeIconMay 15, 2024, 7:51 AM
Updated May 15, 2024, 7:54 AM
(Kevin Ku/Unsplash)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now
  • The DeFi protocol said it had identified the attacker.
  • The stolen funds have been frozen by major exchanges.

Bitcoin DeFi application ALEX Lab was drained of over $4.3 million in various tokens early Wednesday after a suspected private key compromise attacked its bridging service.

Security researchers CertiK said the attackers likely caught hold of a private key that controlled ALEX’s XLink bridge, a service that lets users transfer tokens between different blockchains. The hacker transferred over $300,000 worth of bitcoin (BTC), $3.3 million worth of stablecoins and $75,000 worth of Sugar Kingdom (SKO) tokens.

ALEX developers confirmed the hack in an X post in early European hours, claiming they knew the identity of the attacker. The team offered them a 10% bounty for the return of 90% of the stolen funds.

“ALEX Lab Foundation has identified the individual responsible for the recent security breach and is offering a resolution through a bounty arrangement,” the developers said. “ALEX assures that upon compliance, there will be no further pursuit or law enforcement involvement. This offer stands until May 18 at 0800 UTC.”

Funds associated with the hacker have been frozen by major exchanges to prevent further misuse, the team said.

Private key compromises are among hackers’ most common attack vectors. Some of the biggest crypto hacks, such as Ronin’s $650 million drain in 2022 and Harmony’s $100 million hack in the same year, were the result of poor private key security.

Edited by Parikshit Mishra.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.