Bitcoin DeFi tool Alex Lab loses $4.3M in hack, offers 10% bounty for stolen funds

Bitcoin DeFi app ALEX Lab was drained of more than $4.3 million in various tokens early Wednesday after a suspected private key compromise attacked its bridging service.

Security researchers CertiK said The attackers likely got their hands on a private key that controlled ALEX’s XLink bridge, a service that allows users to transfer tokens between different blockchains. Hacker transferred over $300,000 worth of bitcoins (BTC)$3.3 million in stablecoins and $75,000 in Sugar Kingdom tokens (SKO).

The developers of ALEX have confirmed the hack a post in the early European hours, claiming to know the identity of the attacker. The team offered them a 10% bonus for returning 90% of the stolen funds.

“The ALEX Lab Foundation has identified the person responsible for the recent security breach and is offering a solution via a bounty agreement,” the developers said. “ALEX assures that once compliance is met, there will be no further pursuit or involvement of law enforcement. This offer is valid until May 18 at 0800 UTC.

Funds associated with the hacker have been frozen by major exchanges to prevent further misuse, the team said.

Private key compromises are among the most common attack vectors for hackers. Some of the biggest crypto hackslike Ronin’s $650 million leak in 2022 and Harmony’s $100 million hack in the same year, were the result of poor private key security.

Fuente