DeFi Protocol Alex Lab $4M Hack Linked to Lazarus Group

Alex Lab, a Bitcoin-based DeFi protocol, revealed new details about the hack it suffered in May. The project announced that it had potentially identified the attacker with the help of a blockchain detective while police continued to investigate the incident.

DeFi protocol loses millions due to phishing attack

On May 15, the Alex Lab Foundation fell victim to an exploit that cost users millions of dollars. The DeFi protocol revealed that the attacker obtained private keys via a phishing attack, granting them full access to the funds.

The attacker used the compromised keys to access one of the vaults associated with the Alex Liquidity Pool, compromising all assets in the vault.

The list of affected assets includes aBTC, sUSDT, XBTC, xUSD, ALEX, atALEX, LiSTX, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20 and STXS. Nonetheless, the project said its code and underlying smart contract infrastructure had not been compromised.

After taking over as an administrator, the attacker drained approximately 13.7 million Stacks (STX), 3 million of which were sent to several centralized exchanges (CEXs). According to the report, the exploiters sent STX to Binance, Kraken, OKX, Bybit, Kucoin, and other exchanges.

Summary of the stolen STX. Source: Alex Lab on X

By May 16, the DeFi project had recovered most of the affected assets. Additionally, it revealed that it was monitoring the exploiters’ wallets and had informed the relevant CEXs.

Alex Lab also said that part of the stolen funds, worth around $4 million, was being recovered from one of the centralized exchanges. However, the protocol specified that there was no guarantee that all stolen funds could be recovered.

Lazarus group linked to attack

On June 17, Alex Lab updated investors on the status of the incident. After failing to contact the exploiter, the DeFi protocol continued to track down the stolen assets.

As a result, the team found that the hacker had broadcast nearly 10,000 transactions in a month. According to the post, the attacker generated hundreds of new addresses to disperse STX tokens on-chain. After sending the balance to the new wallets, the tokens were transferred to the CEXs in smaller quantities.

The number of wallets linked to the exploit is growing exponentially every day “with no sign of stopping.” Last week, 8.3 million STX, worth approximately $14 million, was deposited with CEXs. During this time, approximately 5.5 million STX remained on-chain.

Movement of the stolen STX tokens. Source: Alex Lab on X

On June 24, Alex Lab detailed crucial new findings in the ongoing investigation. According to the DeFi protocol, it had potentially identified its attackers.

Apparently, some of the exploit addresses have been linked to the North Korean hacking group Lazarus Group. Forensic analysis, assisted by crypto detective ZachXBT, revealed “substantial transaction evidence linking the attack to the Lazarus Group.”

The original operating address to which the funds were initially sent transferred the funds to a second address, which appears linked to the North Korean hacking group. Transaction history shows that the second address “used a known Lazarus TRON address.”

The Foundation explained that it had facilitated contacts between the CEX and the Singapore police. Finally, they said they are working with cybersecurity experts to “address the implications of this attack and recover lost assets.”

BTC is trading at $61,250 in the three-day chart. Source: BTCUSDT on TradingView
