Alex Protocol, a decentralized finance (DeFi) platform for Bitcoin on the Stacks blockchain, suffered an exploit on June 6, resulting in losses of crypto assets worth $8.3 million.
In an announcement on X, Alex Protocol stated that the breach was caused by a vulnerability in its self-listing verification logic. The attacker exploited the flaw to drain liquidity from various asset funds.
The Bitcoin DeFi platform stated that the attackers stole approximately 8.4 million Stacks tokens ($STX ), 21.85 Stacks Bitcoin ($BTC ), 149,850 in $USDC .
. The incident is one of the largest exploits in the Stacks ecosystem to date.
In response to the incident, the Alex Lab Foundation, the organization supporting the protocol, committed to fully reimburse affected users using its treasury reserves.
Cointelegraph reached out to Alex Protocol through its account on X, but did not receive a response at the time of publication.
Alex Protocol will reimburse affected users after the exploit.
According to Alex Lab, compensation will be issued in USDC tokens. The protocol will base its reimbursement calculations on the average on-chain exchange rates between 10:00 AM UTC and 2:00 PM UTC on the day of the attack.
Alex Lab stated that the wallets affected by the attack will receive an on-chain notification before June 8, including a customized claim form. Users must submit the completed form with a receiving wallet address before June 10.
The team said they will verify the submitted claims and distribute payments in USDC within seven days. Users who do not receive a form were urged to contact the team via email.
The team did not reveal the technical mechanisms behind the exploit, but is expected to publish a post-mortem report.
Alex Protocol affected by another hack in May 2024
This is not the first security incident in which Alex Protocol has lost millions. In May 2024, the DeFi platform suffered an exploit related to its cross-chain bridge infrastructure. The incident led to the unauthorized withdrawal of $4.3 million in cryptocurrencies from the platform.
The DeFi protocol stated that the May exploit was likely linked to the North Korean cybercriminal group Lazarus. The team pointed out three wallets used in the attack and said they worked with blockchain analyst ZachXBT to trace the stolen assets.
