Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack


Bitcoin layer-2 developer Alex Labs has successfully frozen more than $3.9 million worth of crypto that was exploited from its BNB Smart Chain bridge, according to the team’s May 16 social media post. According to the post, the attacker sent the funds to several different centralized exchanges (CEXs), which allowed them to be frozen with the cooperation of the exchanges.

Source: Alex Labs

The team said it recovered the complete balances for 17 different tokens, including “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20 and STXS.”

$13.7 million worth of Stacks (STX) tokens were also exploited. Of these, the attacker made the mistake of sending “about 3 million” to centralized exchanges. The post links to a spreadsheet showing the STX balances at each exchange the hacker used to transfer funds. It shows that a total of $3.7 million is held at exchanges, whereas $9.6 million are held in wallets under the direct control of the attacker.

List of CEXs holding exploited funds. Source: Alex Labs

The attacker withdrew the funds by taking control of a private key that provided access to one of the bridge’s “vaults.” However, “The smart contract code and infrastructure underlying ALEX were not compromised,” the team claimed.

Related: Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade

Alex Labs has offered a 10% bounty to the attacker and a promise not to prosecute if they return the other 90% of the stolen funds. They are also preparing a police report, which will be filed if the attacker does not agree to negotiate.

Because there is a possibility that not all funds will be recovered, the team is “evaluating deployment of $ALEX reserves held by ALEX Lab Foundation.” These reserves may be used for a “treasury grant program” to compensate users who lost funds in the attack.

A disproportionate amount of the exploited funds consists of STX tokens, so the team may also propose a Stacks network upgrade that will freeze the remaining funds and mint new tokens to be sent to victims.

Upgrading a network to freeze an attacker’s coins is not completely unprecedented. It was done during the 2016 Ethereum DAO hack and after the PopcornSwap rug pull on the BNB Smart Chain. However, these upgrades are rarely approved. In the case of the PopcornSwap rug pull, the upgrade froze funds but did not reimburse investors.

In its post, Alex Labs claimed that it continues to monitor the attacker’s addresses and has “multiple alarms” in an effort to prevent the funds from being cashed out.

Alex is not the only Bitcoin layer-2 bridge that has been attacked recently. On May 17, the XLink bridge was also attacked, and $10 million was lost. In that case, a white-hat hacker managed to recover $4.3 million of the stolen funds. The XLink attack was almost identical to the one against Alex, as the attacker in both cases used a phishing technique to obtain the team’s private key, which was then used to make unauthorized withdrawals.