Alex Protocol Loses $8.3M to DeFi Exploit Bitcoin DeFi protocol Alex Protocol lost over $8.3 million in digital assets to a security vulnerability after a listing verification bug. The exploit occurred on June 6 and targeted Alex Protocol’s liquidity pools on the Stacks blockchain. In an X post , the attacker was seen using a vulnerability in the self-listing verification logic of the platform to siphon cash from multiple pools. Breakdown of Funds Stolen The attacker successfully stole: 8.4 million Stacks (STX) tokens 21.85 Stacks Bitcoin (sBTC) 149,850 USDC 149,850 USDt 2.8 Wrapped Bitcoin (WBTC) This is one of the largest exploits on the Stacks network to date and a significant setback for trust in Bitcoin-native DeFi protocols. Full Reimbursement in USDC Assured The Alex Lab Foundation, which supports the protocol, will reimburse users in full. Payout will be done in USDC with onchain averages between 10:00 and 14:00 UTC on the day of the exploit. Users will receive their individual onchain claim forms by June 8 and must resubmit them by June 10 along with a receiving wallet address. Successful claims will be paid out within seven days. Users who are not getting forms are encouraged to contact the Alex Protocol team via email for assistance. Second Major Exploit in Two Months It is not the first security exploit for Alex Protocol. In May 2024, the platform was targeted in another exploit with its crosschain bridge, resulting in $4.3 million lost. The exploit was suspected to have been carried out by the North Korean Lazarus Group. The team worked with blockchain researcher ZachXBT on tracing funds and wallets involved in the earlier breach. Waiting for Technical Insights Alex Protocol is still to release a technical breakdown of the June exploit but has promised a full post-mortem report. The breach is used to highlight existing weaknesses in building Bitcoin DeFi infrastructure and the necessity for greater security practices on an urgent priority.
