DeFi Protocol Alex Lab $4M Hack Linked to Lazarus Group

Alex Lab, a Bitcoin-based DeFi protocol, has revealed new details about its hack in May. The project announced that it may have identified the attacker with the help of a blockchain sleuth while the police continue to investigate the incident.

DeFi Protocol Loses Millions to Phishing Attacks

On May 15, the Alex Lab Foundation was the victim of a hack that took millions in users’ funds. The DeFi protocol revealed that an attacker obtained the private keys through a phishing attack, giving him full access to the funds.

An attacker used encrypted keys to access one of the vaults associated with the Alex Liquidity Pool, compromising all assets in the vault.

The list of affected assets includes aBTC, sUSDT, XBTC, xUSD, ALEX, atALEX, LiSTX, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS. However, the project revealed that its smart contract code and infrastructure had not been compromised.

After taking over as administrator, the attacker withdrew about 13.7 million Stacks (STX), 3 million of which he sent to several centralized exchanges (CEXs). According to the report, the exploiter sent STX to Binance, Kraken, OKX, Bybit, Kucoin, and other exchanges.

Summary of the stolen STX. Source: Alex Lab on X

By May 16, the DeFi project had recovered most of the affected assets. Additionally, it revealed that it is monitoring the exploiter’s wallets and notifying the CEXs involved.

Alex Lab also said that part of the stolen funds, worth about $4 million, is in the process of being recovered from one of the centralized exchanges. However, the protocol explained that there are no guarantees that all stolen funds will be recovered.

Lazarus Group Linked to Attack

On June 17, Alex Lab updated investors on the status of the incident. After failing to communicate with the exploiter, the DeFi protocol continued to track the stolen assets.

As a result, the team found that this hacker spread about 10,000 sales per month. With the post, the attacker generated hundreds of new addresses to disperse the STX tokens on the chain. After sending the balance to the new wallets, the tokens were transferred to CEX in small amounts.

The number of exploit-related wallets is increasing daily “with no sign of stopping.” Last week, 8.3 million STX, worth about $14 million, were listed on CEX. At that time, about 5.5 million STX remained in existence.

Movement of the stolen STX tokens. Source: Alex Lab on X

On June 24, Alex Lab detailed important new results of the ongoing investigation. According to the DeFi protocol, it was able to identify its attackers.

It appears that some of the exploit addresses have been linked to the North Korean hacker group Lazarus Group. Forensic analysis, assisted by crypto investigator ZachXBT, revealed “substantial evidence of transactions linking the Lazarus Group attack.”

The funds originally sent to the first exploit address were transferred to a second address, which appears to be linked to the North Korean hacking group. The transaction history shows that the second address “used a known Lazarus TRON address.”

The Foundation explained that it has liaised between CEXs and the Singapore Police Force. Finally, they said they are working with cyber security experts to “deal with the consequences of this attack and recover the lost assets.”

BTC is trading at $61,250 in the three-day chart. Source: BTCUSDT on TradingView
