Alex Labs reported that they had successfully frozen over $3.9 million in cryptocurrency exploited through their BNB Smart Chain bridge.
According to a company social media post published on May 16, Bitcoin layer-2 developer Alex Labs has successfully frozen more than $3.9 million worth of cryptocurrency that was exploited via its BNB Smart Chain bridge.
Alex Labs Freezes Hacked Funds
As stated in the post, the perpetrator of the attack transferred the cash to a number of different centralized exchanges (CEXs), which enabled the funds to be frozen with the assistance of the exchanges.
The team stated that they were able to recover the full balances for seventeen distinct tokens, which included “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS.
“Additionally, Stacks (STX) tokens with a value of $13.7 million were taken advantage of. The perpetrator of this attack made the error of sending “about 3 million” of them to centralized exchanges.
A spreadsheet that displays the STX balances at each exchange that the hacker used to transfer funds is linked to the post at the end of the post. The data reveals that a total of $3.7 million is housed at exchanges, while $9.6 million is held in wallets that are directly under the control of the attacker.
By gaining hold of a private key that allowed access to one of the bridge’s “vaults,” the attacker was able to withdraw the money from the bridge. On the other hand, the developers asserted that “the smart contract code and infrastructure that underpin ALEX were not compromised.”
Alex Labs has offered the perpetrator of the theft a 10% bounty and the company has also promised not to prosecute them if they return the remaining 90% of the stolen funds.
In addition, they are putting together a report for the police, which will be submitted in the event that the aggressor does not agree to negotiate.
Because it is possible that not all of the cash will be recovered, the team is currently “evaluating the deployment of $ALEX reserves held by the ALEX Lab Foundation.”
The “treasury grant program” might be used to recompense users who lost money as a result of the attack, and these reserves could be used for that purpose.
Because a disproportionate fraction of the money that was exploited is comprised of STX tokens, the team may also propose an upgrade to the Stacks network that will freeze the remaining assets and mint new tokens that will be delivered to victims.
The process of upgrading a network to freeze an attacker’s coins is not entirely unknown. Both the PopcornSwap rug pull on the BNB Smart Chain and the hack of the Ethereum DAO in 2016 provided the opportunity for this action to be taken.
These upgrades, on the other hand, are rarely granted. During the PopcornSwap rug pull, the upgrade resulted in cash freezing but no reimbursement to investors.
In its post, Alex Labs stated that it is actively monitoring the attacker’s addresses and has implemented “multiple alarms” to prevent the payment of funds.
A number of Bitcoin layer-2 bridges have been targeted in recent times, and Alex is not the only one. A further attack occurred on the XLink bridge on May 17, resulting in a loss of ten million dollars.
A white-hat hacker was successful in recovering $4.3 million of the money that had been taken in that particular instance. The attack on XLink was almost comparable to the one that was carried out against Alex.
In both instances, the aggressor employed a phishing tactic to obtain the team’s private key, which was then used to carry out unauthorized withdrawals.