NAIROBI (CoinChapter.com) — Bitcoin layer-2 developer Alex Labs has successfully frozen over $3.9 million of exploited funds. The attacker sent these funds to various centralized exchanges (CEXs), as detailed in a May 16 post by the team.
Details of the Exploit
On May 16, Alex Labs reported an exploit of their BNB Smart Chain bridge. The attackers gained control of a private key and accessed one of the bridge’s vaults, stealing $13.7 million worth of Stacks (STX) tokens. They mistakenly sent about $3 million to centralized exchanges (CEX).
Alex Labs froze those funds with the cooperation of the exchanges, stating that the smart contract code and infrastructure remained uncompromised.
Alex Labs recovered complete balances for 17 different tokens, including aBTC, sUSDT, xBTC, xUSD, and others. Additionally, the team identified and began recovering a portion of the stolen funds from one CEX. The team is also working with other CEXs to return additional funds. However, the attacker still controls about $9.6 million worth of STX tokens.
Alex Labs’ Fund Recovery and Legal Actions
Alex Labs is actively monitoring the attacker’s wallets and has set up multiple alarms to track the movement of funds.
The team has notified all relevant CEXs and frozen accounts associated with the exploiter. They have offered a 10% bounty to the attacker for the return of the remaining 90% of the stolen funds and a promise not to prosecute if they comply.
In case the attacker does not cooperate, Alex Labs is preparing to file a police report to obtain legal support for their recovery efforts. The team is also evaluating the deployment of $ALEX reserves held by the Alex Lab Foundation.
These reserves may be used for a treasury grant program to support users affected by the attack. Additionally, they are considering proposing a Stacks network upgrade to freeze the remaining funds and mint new tokens for the victims.
Progress in Asset Recovery
ALEX issued a follow-up security update on May 17, 2024. They detailed ongoing efforts to monitor the exploiter’s activities and legal actions. ALEX is working with exchanges and partners providing 24-hour investigative support. Coordination with law enforcement through legal counsel continues.
Source: XA forensic data spreadsheet, updated regularly, tracks the exploiter’s movements. Legal action is crucial as the exploiter is unlikely to negotiate, according to discussions with security partners.
To support those impacted, ALEX is deploying reserves held by the ALEX Lab Foundation. These reserves will fund a treasury grant program aimed at assisting the community through these challenging times.
Since the last update, ALEX has recovered several assets, including Leo, Gus, Play, Long, Not, Pepe, Max, Ethereum, Fast, Mick, Wif, Diko, aeUSDC, aeWBTC, Mega, Vibes, GoatSTX, Mooneeb, Pomboo, Hashiko, Parker, Runestone, Pikachu, Nakamoto, Rock, Wsbtc, and All. These assets, except those burnt, are held in the DAO contract, which was unaffected by the attack.
The primary goal remains to recover the 13.7 million STX. ALEX is developing a treasury grant program to support affected users, with details to be shared soon. The team emphasizes its commitment to maintaining the security and integrity of the ALEX protocol.
The post Alex Labs Freezes $3.9M in Exploited Funds appeared first on CoinChapter.
