Bitcoin DeFi utility ALEX Lab was drained of over $4.3 million in varied tokens early Wednesday after a suspected personal key compromise attacked its bridging service.
Safety researchers CertiK mentioned the attackers doubtless caught maintain of a personal key that managed ALEX’s XLink bridge, a service that lets customers switch tokens between completely different blockchains. The hacker transferred over $300,000 value of bitcoin (BTC), $3.3 million value of stablecoins and $75,000 value of Sugar Kingdom (SKO) tokens.
ALEX builders confirmed the hack in an X put up in early European hours, claiming they knew the id of the attacker. The crew provided them a ten% bounty for the return of 90% of the stolen funds.
“ALEX Lab Foundation has identified the individual responsible for the recent security breach and is offering a resolution through a bounty arrangement,” the builders mentioned. “ALEX assures that upon compliance, there will be no further pursuit or law enforcement involvement. This offer stands until May 18 at 0800 UTC.”
Funds related to the hacker have been frozen by main exchanges to forestall additional misuse, the crew mentioned.
Non-public key compromises are amongst hackers’ most typical assault vectors. A few of the greatest crypto hacks, resembling Ronin’s $650 million drain in 2022 and Concord’s $100 million hack in the identical 12 months, had been the results of poor personal key safety.