Alex Lab Links $4M Exploit to North Korea-Backed Lazarus Group

Hassan Shittu

Bitcoin layer-2 developer Alex Lab has indicated that the $4 million exploit it suffered in May is most likely linked to the infamous North Korean hacking consortium, Lazarus Group.

The team revealed that it has collaborated with on-chain investigator ZachXBT, who linked a wallet to the Lazarus Group. This collaboration with ZachXBT and the Singapore Police Force has led to Alex Lab freezing some stolen funds.

Alex Lab Works with ZachXBT to Link Hack to Lazarus Group

In a June 25 post on X, Alex Lab identified three wallet addresses used by hackers on May 16 to drain $4.3 million from its Bitcoin-based decentralized finance (DeFi) protocol. The team collaborated with independent blockchain investigator ZachXBT to gather the necessary evidence to connect Lazarus to the exploit. Alex Lab said in its post,

“After extensive forensic analysis and investigations facilitated by blockchain analyst ZachXBT who provided critical assistance on transaction tracing, there is substantial transaction evidence linking the attack to the Lazarus Group, a notorious hacker collective believed to be associated with the North Korean government.”

Alex Lab noted that an address identified by ‘0x418e…0c4e’ was directly linked to the exploit. Funds from this address were sent to another address, ‘0x63…BeA3.’ The second address then transferred the funds to a Tron wallet, which had been previously associated with the Lazarus Group.

Alex Lab has announced a collaboration with international law enforcement and cybersecurity experts to address the recent attack’s implications and recover lost assets. The platform is also enhancing its security protocols to prevent future incidents.

“We have facilitated contact between the Singapore Police Force and relevant cryptocurrency exchanges (CEXs) as part of the ongoing investigation. This cooperation is a crucial step towards maintaining the security of the stolen assets while the investigation proceeds,” the company stated.

Alex Lab also noted that many of the traced STX tokens, now frozen with various exchanges, will remain so pending the police investigations. “The Foundation will make appropriate announcements as soon as these frozen funds can be returned to the affected users,” the statement continued.

Alex Lab Recovers $3.9M in Crypto Assets After $4.3M Bridge Exploit on BNB Smart Chain

On May 16, Alex Lab informed its users via X that attackers had exploited its BNB Smart Chain bridge, siphoning off approximately $4.3 million worth of funds. Alex Lab explained that the breach occurred when the attacker gained control of a private key that provided access to one of the bridge’s “vaults.” Importantly, the team clarified that “the smart contract code and infrastructure underlying ALEX were not compromised.”

To recover the stolen funds, Alex Lab offered the attackers a 10% bounty for the return of 90% of the funds and promised to cease legal action if the funds were returned. However, the attackers did not respond to the bounty request.

Additionally, the hackers exploited around $13.7 million worth of Stacks (STX) tokens. Some of these funds were sent to centralized exchanges and subsequently frozen.

By June 20, Alex Lab revealed that the attacker had broadcast over 11,800 STX transactions, using several DeFi protocols and bridges, including Arkadiko, Bitflow, and Allbridge, to off-ramp the stolen STX. The team said they have successfully frozen over $3.9 million of crypto assets exploited from its BNB Smart Chain bridge.

The recovery was announced in a social media post on May 16, revealing that the funds were traced to various centralized exchanges (CEXs), which then cooperated to freeze the assets.

In their statement, the team reported recovering complete balances for 17 different tokens, including “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS.”

The Lazarus Group has previously been linked to several attacks in the cryptocurrency sector. The group was responsible for stealing approximately $170 million from crypto exchange Huobi in November 2023 and is also allegedly behind the infamous Ronin Bridge attack.

Reports suggest the criminal actors were responsible for over $300 million worth of crypto funds lost in 2023 alone. A United Nations panel is investigating 58 cyberattacks allegedly conducted by the group.