- After the hacker attempted to pay out by transferring money to exchanges, the team behind the Bitcoin layer-2 developer was able to successfully freeze some cryptocurrency that was being exploited.
According to the team’s May 16 social media post, Bitcoin layer-2 developer Alex Labs has successfully frozen more than $3.9 million worth of cryptocurrency that was stolen from their BNB Smart Chain bridge. The report claims that the attacker delivered the money to many centralized exchanges (CEXs), and with the exchanges’ assistance, the monies were able to be frozen.
According to the team, all 17 tokens—all of aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS—had their full holdings restored.
Additionally, Stacks (STX) tokens valued at $13.7 million were compromised. The mistake made by the attacker was to transmit “about 3 million” of them to centralized exchanges. A spreadsheet displaying the STX balances at each exchange the hacker used to transfer money is linked to in the post. It reveals that while $9.6 million is held in wallets directly controlled by the attacker, a total of $3.7 million is held at exchanges.
By obtaining possession of a private key that allowed entry to one of the bridge’s “vaults,” the attacker was able to withdraw the money. The ALEX infrastructure and smart contract code, however, remained unhacked, according to the team.
In exchange for returning the remaining 90% of the stolen money, Alex Labs will not pursue legal action against the attacker and will pay a 10% prize. In addition, they are getting ready to submit a police report in the event that the attacker refuses to cooperate.
The team is “evaluating deployment of $ALEX reserves held by ALEX Lab Foundation” because it’s possible that not all of the money will be retrieved. These reserves might be put toward paying users who lost money during the attack through a “treasury grant program.”
Since STX tokens make up a disproportionate share of the funds that have been misused, the team may also suggest upgrading the Stacks network to freeze the remaining funds and create new tokens that will be distributed to victims.
It is not wholly unusual for a network to be upgraded in order to freeze an attacker’s cryptocurrency. It was carried out following the PopcornSwap rug pull on the BNB Smart Chain and during the 2016 Ethereum DAO breach. These upgrades are rarely accepted, though. The update for the PopcornSwap rug pull froze money but did not pay back investors.
In an attempt to stop the money from being paid out, Alex Labs stated in its post that it has “multiple alarms” and is still keeping an eye on the attacker’s addresses.
There have been other recent attacks on Bitcoin layer-2 bridges besides Alex. Ten million dollars were lost in an additional attack on the XLink bridge on May 17. In that instance, a white-hat hacker was able to get $4.3 million back from the money that was taken.
The phishing approach employed by the attacker in both cases to obtain the team’s private key and then use it to make unauthorized withdrawals made the XLink attack nearly identical to the one against Alex.
Disclaimer : This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.
