Bitcoin DeFi protocol Alex Lab, also known as ALEX Lab, recently underwent its second significant attack in two years. This time, an anonymous attacker took advantage of a glitch in the protocol’s coding logic, resulting in the loss of $8.3 million in different cryptocurrencies from the protocol. The aftermath of the attack saw the Alex Lab’s native token, $ALEX, plummet by 45% within 24 hours, according to CoinGecko.
Following the exploit, the Stacks-based protocol announced its plans to fully reimburse the affected users using its treasury funds. Users will receive individual notifications but must file the claim form before June 10 to retrieve their funds.
The protocol explained, “The attacker managed to bypass checks and drain funds from liquidity pools by exploiting a glitch in the self-listing function’s verification logic that refers to a failed transaction. This issue is a result of an inherent on-chain limitation, particularly the difficulty in reliably detecting failed transactions on Stacks.”
Alex Lab had a previous exploit in May 2024, which resulted in a loss of around $4.3 million. That attack occurred due to compromised private keys from a phishing attack, a method often used by the Lazarus Group hackers, sponsored by North Korea’s state, whom the protocol accused of the hack.
In response to the previous attack, the protocol convinced centralized exchanges to freeze some stolen funds and compensated the affected users using the protocol’s revenue. This compensation followed a vote from the protocol’s governance DAO. However, not all exchanges have returned the funds, as per a recent update. “So far, 8 out of 15 CEXs have returned the funds, and we are in discussions with the remaining 7 exchanges. We anticipate more recoveries in Q2,” stated Alex Protocol.
