ALEX Lab to Compensate Users After $8.3 Million Hack Incident

The DeFi protocol ALEX Lab, built on the Stacks L2 solution for Bitcoin, has announced that it will fully reimburse users for losses incurred during a $8.3 million hacker attack.

According to the team, on June 6, an attacker exploited a vulnerability in the smart contract verification logic. They managed to introduce a malicious token by referencing a previously failed transaction, which allowed them to bypass checks and withdraw funds from liquidity pools.

Representatives of the project noted that the primary issue lies in the limitations of the Stacks network, which hinder reliable tracking of failed transactions.

To cover the losses, the ALEX Lab team will utilize funds from their own treasury. Affected users will receive individual notifications, and applications for compensation must be submitted by June 10.

The recent attack marks the second significant breach of the protocol in recent years— in May 2024, the project lost $4.3 million due to private key compromise resulting from a phishing attack.

The reimbursement process from the first incident is still ongoing. The team has successfully convinced centralized exchanges to freeze a portion of the stolen assets. According to the latest updates, eight out of 15 exchanges have returned funds, while discussions with the remaining platforms continue.

At the time of writing, the native token ALEX is trading at $0.017, having dropped 17% in the past day, according to CoinGecko.

It’s worth noting that on May 8, hackers siphoned off $11.5 million from the hot wallet of Taiwan’s BitoPro.