Bridge of Bitcoin L2 protocol Alex loses $4.3 million after suspicious contract upgrades

  • According to CertiK, there’s a chance the attacker tried to siphon money from other networks as well.

A report published on May 14 by blockchain security platform CertiK states that, after a sudden contract upgrade, the Alex protocol’s bridge on the BNB network saw $4.3 million in fraudulent withdrawals.

The incident has raised questions about the security of the bridges used in the Bitcoin layer-2 protocol, with CertiK classifying it as “a possible private key compromise.” The Alex team has not yet confirmed the exploit as of this writing.

According to data from BscScan, the Alex deployer initiated five upgrades to the platform’s Bridge Endpoint contract on the BNB Smart Chain.

After these upgrades, over $4.3 million worth of USD Coin (USDC), Sugar Kingdom Odyssey (SKO), and Binance-Pegged Bitcoin (BTC) was removed from the BNB Smart Chain side of the bridge.

The upgrade transaction call essentially changed the implementation address to unverified bytecode, so the change could not be inspected by eye.

Closer examination showed that an account ending in 05ed, despite having no previous activity, had created one unconfirmed contract on May 10 and two more on May 14. This unusual activity raises the possibility that the account is being used by a malicious actor who is trying to exploit the Alex protocol on several different networks.

Less than an hour after the upgrades were initiated, the bridge contract’s proxy address called an unverified function on a different address, moving 16 BTC ($983,000), 2.7 million SKO ($75,000), and $3.3 million in USDC.

Not long after, an account ending in 05ed, which had no transaction history prior to May 10, made two withdrawal attempts from the “team address.” These attempts were unsuccessful, however, and returned a “not owner” error.

Given that comparable upgrades to the Alex protocol were also observed on Ethereum shortly after the initial ones, CertiK speculates that the attacker may have also attempted to siphon funds from other networks.

Author: Puskar Pande