ALEX Protocol, a decentralized finance (DeFi) platform operating on the Bitcoin network via the Stacks layer-2 solution, has recently suffered a significant security breach. On June 6, 2025, the protocol experienced an exploit resulting in an estimated loss of $14 million.

The breach was attributed to a flaw in the verification logic of the self-listing feature, which allowed the attacker to bypass transaction failure checks on the Stacks network. This vulnerability enabled unauthorized withdrawals from the platform.

In response, ALEX Protocol promptly suspended its platform operations to prevent further damage and initiated a comprehensive investigation into the incident. The team is collaborating with centralized exchanges to trace and recover the stolen funds, as some assets have reportedly been moved to these platforms.

This is the second major security incident for ALEX Protocol. In May 2024, the platform suffered a breach resulting in a loss exceeding $4 million, later linked to the North Korean-affiliated Lazarus Group.

These consecutive incidents highlight the persistent security challenges within the DeFi sector, emphasizing the need for robust security measures and continuous vigilance to protect user assets.