DeFi Protocol Alex Lab $4M Hack Linked to Lazarus Group
Alex Lab, a Bitcoin-based DeFi protocol, revealed new details about the hack suffered in May. The project announced that it had potentially identified the attacker with the help of a blockchain detective while police continued to investigate the incident.
DeFi protocol loses millions due to phishing attack
On May 15, the Alex Lab Foundation fell victim to an exploit that cost users millions of dollars. The DeFi protocol revealed that the attacker obtained private keys via a phishing attack, granting them full access to the funds.
The attacker used the compromised keys to access one of the vaults associated with the Alex Liquidity Pool, compromising all assets in the vault.
The list of affected assets includes aBTC, sUSDT, XBTC, xUSD, ALEX, atALEX, LiSTX, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20 and STXS. Nonetheless, the project said its code and underlying smart contract infrastructure had not been compromised.
After taking over as administrator, the attacker drained approximately 13.7 million Stacks (STX), of which 3 million were sent to multiple centralized exchanges (CEXs). According to the report, the exploiters sent STX to Binance, Kraken, OKX, Bybit, KuCoin and other exchanges.
Summary of the stolen STX. Source: Alex Lab on X
By May 16, the DeFi project had recovered most of the affected assets. Additionally, it revealed that it was monitoring the exploiters’ wallets and had informed the relevant CEXs.
Alex Lab also said that part of the stolen funds, worth around $4 million, was being recovered from one of the centralized exchanges. However, the protocol explained that there was no guarantee that all stolen funds could be recovered.
Lazarus group linked to attack
On June 17, Alex Lab updated investors on the status of the incident. After failing to contact the exploiter, the DeFi protocol continued to track down the stolen assets.
As a result, the team found that the hacker had broadcast nearly 10,000 transactions in a month. According to the post, the attacker generated hundreds of new addresses to disperse STX tokens on-chain. After sending the balance to the new wallets, the tokens were transferred to the CEXs in smaller quantities.
The number of wallets linked to the exploit is growing exponentially every day “with no sign of stopping.” Last week, 8.3 million STX, worth approximately $14 million, was deposited with CEXs. During this time, approximately 5.5 million STX remained on-chain.
Movement of the stolen STX tokens. Source: Alex Lab on X
On June 24, Alex Lab detailed crucial new findings in the ongoing investigation. According to the DeFi protocol, it had potentially identified its attackers.
Apparently, some of the exploit addresses have been linked to the North Korean hacking group Lazarus Group. Forensic analysis, assisted by crypto detective ZachXBT, revealed “substantial transaction evidence linking the attack to the Lazarus Group.”
The initial operating address to which the funds were originally sent transferred the funds to a second address, which appears linked to the North Korean hacking group. Transaction history shows that the second address “used a TRON address known to Lazarus.”
The Foundation explained that it had facilitated contacts between the CEX and the Singapore police. Finally, they said they are working with cybersecurity experts to “address the implications of this attack and recover lost assets.”
BTC is trading at $61,250 in the three-day chart. Source: BTCUSDT on TradingView