Alex Protocol, a Bitcoin-based DeFi platform built on the Stacks blockchain, was hit by a major $8.3 million exploit on June 6, marking one of the largest security breaches in the Stacks ecosystem.
The attackers exploited a vulnerability in the platform’s self-listing verification logic, allowing them to drain liquidity from multiple asset pools. The stolen funds included:
-
8.4 million STX tokens (~$5.9M)
-
21.85 sBTC (Stacks Bitcoin)
-
149,850 USDC & USDT (~$150K)
-
2.8 WBTC (~$305K)
<foto>
Please Register !
Alex Lab Foundation Pledges Full Reimbursement
Please Register !
In response, the Alex Lab Foundation announced it would fully compensate affected users using its treasury reserves. Payments will be made in USDC, calculated based on the average exchange rates during the attack window (10:00 AM – 2:00 PM UTC on June 6).
Please Register !
How to Claim Compensation:
Please Register !
-
Affected wallets will receive an on-chain notification by June 8 with a claim form.
-
Users must submit the form with a valid receiving wallet address by June 10.
-
Verified claims will receive USDC refunds within 7 days.
Users who don’t receive a form are advised to contact the team via email.
Please Register !
Please Register !
Second Major Hack in Just Over a Month
Please Register !
This wasn’t Alex Protocol’s first security incident. In May 2024, the platform lost $4.3 million due to an exploit in its cross-chain bridge—suspected to be the work of North Korea’s Lazarus Group.
The team collaborated with blockchain sleuth ZachXBT to track the stolen funds, identifying three wallets linked to the attack.
Please Register !
Key Takeaways:
Please Register !
-
Exploit Cause: Flaw in self-listing verification logic.
Please Register !
-
Stolen Funds: $8.3M in STX, sBTC, stablecoins, and WBTC.
Please Register !
-
Reimbursement: Full refunds in USDC via a structured claims process.
Please Register !
-
Repeat Incident: Second hack in two months (May’s $4.3M breach tied to Lazarus Group).
Please Register !
