Bitcoin layer-2 developer, Alex Labs, has successfully frozen over $3.9 million worth of cryptocurrency that was exploited from its BNB Smart Chain bridge, as announced on May 16. The attacker sent the funds to various centralized exchanges (CEXs), allowing them to be frozen with the cooperation of these exchanges.
The team managed to recover the complete balances for 17 different tokens, including aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS.
Additionally, the attacker exploited $13.7 million worth of Stacks (STX) tokens. However, the attacker made a mistake by sending approximately 3 million to centralized exchanges. The team provided a spreadsheet displaying the STX balances at each exchange used by the hacker, revealing that $3.7 million is held at exchanges, while $9.6 million is held in wallets directly controlled by the attacker.
The attacker gained control of a private key that provided access to one of the bridge’s vaults, but the team clarified that the smart contract code and infrastructure supporting ALEX were not compromised.
In an attempt to recover the stolen funds, Alex Labs offered a 10% bounty to the attacker and promised not to pursue legal action if they returned the remaining 90%. If the attacker does not agree to negotiate, the team will file a police report.
Due to the possibility of not fully recovering the funds, the team is considering using the ALEX reserves held by the ALEX Lab Foundation for a treasury grant program to compensate users affected by the attack. Given that a substantial portion of the exploited funds consists of STX tokens, the team may suggest a Stacks network upgrade to freeze the remaining funds and mint new tokens for the victims.
While network upgrades to freeze an attacker’s coins have been implemented before, such as during the 2016 Ethereum DAO hack and the PopcornSwap rug pull on the BNB Smart Chain, they are rarely approved. The PopcornSwap rug pull upgrade froze funds but did not reimburse investors.
Alex Labs stated in their post that they are actively monitoring the attacker’s addresses and have implemented multiple alarms to prevent the funds from being cashed out.
Notably, Alex is not the only Bitcoin layer-2 bridge that has recently been attacked. On May 17, the XLink bridge fell victim to an attack resulting in a loss of $10 million. However, a white-hat hacker managed to recover $4.3 million of the stolen funds. The XLink attack followed a similar pattern to the attack on Alex, with the attacker using a phishing technique to obtain the team’s private key, which was then used to make unauthorized withdrawals.