,

Bitcoin DeFi Tool Alex Lab Loses $4.3M in Hack, Offers 10% Bounty for Stolen Funds

The DeFi protocol said it had identified the attacker.

The stolen funds have been frozen by major exchanges.

00:59

Crypto Hack Volumes Fell by More Than 50% in 2023: TRM Labs

08:42

Bitcoin Ecosystem Developments in 2023 as BTC Hits Fresh 2023 High

01:10

Bitcoin Extends Rally as $1B in BTC Withdrawals Suggests Bullish Mood

1:02:43

Why Financial Advisors Are So Excited About a Spot Bitcoin ETF

Bitcoin DeFi application ALEX Lab was drained of over $4.3 million in various tokens early Wednesday after a suspected private key compromise attacked its bridging service.

Security researchers CertiK said the attackers likely caught hold of a private key that controlled ALEX’s XLink bridge, a service that lets users transfer tokens between different blockchains. The hacker transferred over $300,000 worth of bitcoin (BTC), $3.3 million worth of stablecoins and $75,000 worth of Sugar Kingdom (SKO) tokens.

ALEX developers confirmed the hack in an X post in early European hours, claiming they knew the identity of the attacker. The team offered them a 10% bounty for the return of 90% of the stolen funds.

“ALEX Lab Foundation has identified the individual responsible for the recent security breach and is offering a resolution through a bounty arrangement,” the developers said. “ALEX assures that upon compliance, there will be no further pursuit or law enforcement involvement. This offer stands until May 18 at 0800 UTC.”

Funds associated with the hacker have been frozen by major exchanges to prevent further misuse, the team said.

Private key compromises are among hackers’ most common attack vectors. Some of the biggest crypto hacks, such as Ronin’s $650 million drain in 2022 and Harmony’s $100 million hack in the same year, were the result of poor private key security.

Edited by Parikshit Mishra.