Alex Protocol, a Bitcoin-based DeFi platform built on the Stacks blockchain, was hit by a major $8.3 million exploit on June 6, marking one of the largest security breaches in the Stacks ecosystem.
The attackers exploited a vulnerability in the platform’s self-listing verification logic, allowing them to drain liquidity from multiple asset pools. The stolen funds included:
-
8.4 million STX tokens (~$5.9M)
-
21.85 sBTC (Stacks Bitcoin)
-
149,850 USDC & USDT (~$150K)
-
2.8 WBTC (~$305K)
<foto>
Alex Lab Foundation Pledges Full Reimbursement
In response, the Alex Lab Foundation announced it would fully compensate affected users using its treasury reserves. Payments will be made in USDC, calculated based on the average exchange rates during the attack window (10:00 AM – 2:00 PM UTC on June 6).
How to Claim Compensation:
-
Affected wallets will receive an on-chain notification by June 8 with a claim form.
-
Users must submit the form with a valid receiving wallet address by June 10.
-
Verified claims will receive USDC refunds within 7 days.
Users who don’t receive a form are advised to contact the team via email.
Second Major Hack in Just Over a Month
This wasn’t Alex Protocol’s first security incident. In May 2024, the platform lost $4.3 million due to an exploit in its cross-chain bridge—suspected to be the work of North Korea’s Lazarus Group.
The team collaborated with blockchain sleuth ZachXBT to track the stolen funds, identifying three wallets linked to the attack.
Key Takeaways:
-
Exploit Cause: Flaw in self-listing verification logic.
-
Stolen Funds: $8.3M in STX, sBTC, stablecoins, and WBTC.
-
Reimbursement: Full refunds in USDC via a structured claims process.
-
Repeat Incident: Second hack in two months (May’s $4.3M breach tied to Lazarus Group).
