Bitcoin layer-2 developer Alex Lab suggested that the $4 million exploit it experienced in May is likely connected to the well-known North Korean hacking group, Lazarus Group.
According to the team, they have worked closely with on-chain investigator ZachXBT, who identified a wallet associated with the Lazarus Group. This collaboration, involving ZachXBT and the Singapore Police Force, has enabled Alex Lab to freeze a portion of the stolen funds.
Alex Lab Works with ZachXBT to Link Hack to Lazarus Group
On June 25, Alex Lab disclosed in a post on X that hackers had utilized three wallet addresses on May 16 to drain $4.3 million from its Bitcoin-based decentralized finance (DeFi) protocol. The team collaborated with independent blockchain investigator ZachXBT to gather evidence connecting Lazarus to the exploit. In their statement, Alex Lab explained,
“After extensive forensic analysis and investigations facilitated by blockchain analyst ZachXBT, who provided critical assistance on transaction tracing, there is substantial transaction evidence linking the attack to the Lazarus Group, a notorious hacker collective believed to be associated with the North Korean government.”
Alex Lab specifically identified an address marked ‘0x418e…0c4e’ as directly involved in the exploit. Funds from this address were subsequently transferred to another address, ‘0x63…BeA3.’ The second address then forwarded the funds to a Tron wallet previously linked to the Lazarus Group.
Alex Lab has announced a collaboration with international law enforcement and cybersecurity experts to address the ramifications of the recent attack and recover lost assets. The platform is also bolstering its security protocols to prevent future incidents.
“We have facilitated communication between the Singapore Police Force and relevant cryptocurrency exchanges (CEXs) as part of the ongoing investigation. This cooperation is a crucial step in safeguarding the stolen assets while investigations proceed,” the company stated.
Alex Lab further disclosed that a significant portion of the identified STX tokens, currently frozen across multiple exchanges, will remain inaccessible pending police inquiries. “The Foundation will issue further updates once these frozen funds can be returned to affected users,” the statement concluded.
Alex Lab Recovers $3.9M in Crypto Assets After $4.3M Bridge Exploit on BNB Smart Chain
On May 16, Alex Lab notified its users via X that attackers had exploited its BNB Smart Chain bridge, resulting in the theft of approximately $4.3 million worth of funds. Alex Lab clarified that the breach occurred when the attacker gained control of a private key that provided access to one of the bridge’s “vaults.” Importantly, the team assured users that “the smart contract code and infrastructure underlying ALEX were not compromised.”
In an effort to recover the stolen funds, Alex Lab offered the attackers a 10% bounty if 90% of the funds were returned, and pledged to refrain from pursuing legal action if the funds were returned. However, the attackers did not respond to this bounty request.
Furthermore, the hackers exploited around $13.7 million worth of Stacks (STX) tokens, some of which were transferred to centralized exchanges where they were subsequently frozen.
By June 20, Alex Lab disclosed that the attacker had executed more than 11,800 STX transactions across various DeFi protocols and bridges such as Arkadiko, Bitflow, and Allbridge to liquidate the stolen STX tokens. The team confirmed they successfully froze over $3.9 million worth of crypto assets that were exploited from its BNB Smart Chain bridge.
The recovery effort was publicized through a social media update on May 16, revealing that the funds were tracked to multiple centralized exchanges (CEXs), which cooperated to freeze the assets.
In their announcement, Alex Lab detailed the complete recovery of balances for 17 different tokens, encompassing “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS.”
The Lazarus Group has previously been implicated in numerous attacks on the cryptocurrency sector. Notably, the group was responsible for pilfering around $170 million from the crypto exchange Huobi in November 2023 and is suspected to be behind the infamous Ronin Bridge attack.
Reports indicate that these criminal actors were involved in over $300 million worth of cryptocurrency losses in 2023 alone. A United Nations panel is currently investigating 58 cyberattacks attributed to the group.