Alex Lab Links $4M Exploit to North Korea-Backed Lazarus Group

Hassan Shittu

Bitcoin layer-2 developer Alex Lab has indicated that the $4 million exploit it suffered in May is most likely linked to the infamous North Korean hacking consortium, Lazarus Group.

The team revealed that it has collaborated with on-chain investigator ZachXBT, who linked a wallet to the Lazarus Group. This collaboration with ZachXBT and the Singapore Police Force has led to Alex Lab freezing some stolen funds.

Alex Lab Works with ZachXBT to Link Hack to Lazarus Group

In a June 25 post on X, Alex Lab identified three wallet addresses used by hackers on May 16 to drain $4.3 million from its Bitcoin-based decentralized finance (DeFi) protocol. The team collaborated with independent blockchain investigator ZachXBT to gather the necessary evidence to connect Lazarus to the exploit. Alex Lab said in its post,

“After extensive forensic analysis and investigations facilitated by blockchain analyst ZachXBT who provided critical assistance on transaction tracing, there is substantial transaction evidence linking the attack to the Lazarus Group, a notorious hacker collective believed to be associated with the North Korean government.”

Alex Lab noted that an address identified by ‘0x418e…0c4e’ was directly linked to the exploit. Funds from this address were sent to another address, ‘0x63…BeA3.’ The second address then transferred the funds to a Tron wallet, which had been previously associated with the Lazarus group.

Alex Lab has announced a collaboration with international law enforcement and cybersecurity experts to address the recent attack’s implications and recover lost assets. The platform is also enhancing its security protocols to prevent future incidents.

“We have facilitated contact between the Singapore Police Force and relevant cryptocurrency exchanges (CEXs) as part of the ongoing investigation. This cooperation is a crucial step towards maintaining the security of the stolen assets while the investigation proceeds,” the company stated.

Alex Lab also noted that many of the traced STX tokens, now frozen with various exchanges, will remain so pending the police investigations. “The Foundation will make appropriate announcements as soon as these frozen funds can be returned to the affected users,” the statement continued.

Alex Lab Recovers $3.9M in Crypto Assets After $4.3M Bridge Exploit on BNB Smart Chain

On May 16, Alex Lab informed its users via X that attackers had exploited its BNB Smart Chain bridge, siphoning off approximately $4.3 million worth of funds. Alex Labs explained that the breach occurred through the attacker gaining control of a private key that provided access to one of the bridge’s “vaults.” Importantly, the team clarified that “the smart contract code and infrastructure underlying ALEX were not compromised.”

To recover the stolen funds, Alex Lab offered the attackers a 10% bounty for the return of 90% of the funds and promised to cease legal action if the funds were returned. However, the attackers did not respond to the bounty request.

Additionally, the hackers exploited around $13.7 million worth of Stacks (STX) tokens. Some of these funds were sent to centralized exchanges and subsequently frozen. By June 20, Alex Lab revealed that the attacker had broadcast over 11,800 STX transactions, using several DeFi protocols and bridges, including Arkadiko, Bitflow, and Allbridge, to off-ramp the stolen STX.

The team said they have successfully frozen over $3.9 million of crypto assets exploited from its BNB Smart Chain bridge. The recovery was announced in a social media post on May 16, revealing that the funds were traced to various centralized exchanges (CEXs), which then cooperated to freeze the assets.

In their statement, the team reported recovering complete balances for 17 different tokens, including “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS.”

Previously, the Lazarus Group has been linked to several attacks in the cryptocurrency sector. The group was responsible for stealing approximately $170 million from crypto exchange Huobi in November 2023 and is also allegedly behind the infamous Ronin Bridge attack.

Reports suggest the criminal actors were responsible for over $300 million worth of crypto funds lost in 2023 alone. A United Nations panel is investigating 58 cyberattacks allegedly conducted by the group.
