According to Foresight News, Bitcoin ecosystem project ALEX has reported a significant security breach. Hackers gained control of a vault related to ALEX's liquidity pool and stole all assets within, including approximately 13.7 million STX tokens. Of these, around 3 million have been transferred to various CEXs, with some still being transferred and a portion remaining in the wallet.
The ALEX team has responded by recovering all aBTC, aUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS. The underlying smart contract code and infrastructure of ALEX were not attacked.
The team is closely monitoring the hacker's wallet and has notified all relevant CEXs. All known hacker-related CEX accounts have been frozen. Furthermore, all relevant CEXs have been asked to halt all deposit and withdrawal functions until further notice. The ALEX team has also set up multiple alarms to monitor any suspicious addresses suspected of being created by the attacker for fund flow.
In terms of fund recovery, the team has identified some of the stolen funds and is recovering from a CEX, completing necessary procedures with other CEXs to facilitate more fund returns. If the hacker does not cooperate in time, ALEX is prepared to report to the police.
The ALEX team has also publicly shared the current forensic data with all relevant CEXs for community review. As it cannot guarantee the recovery of all stolen funds, the team is considering whether to use the ALEX Lab Foundation's ALEX reserves to fund the treasury grant program. Additionally, the ALEX team is considering issuing a SIP proposal to the Stacks community to destroy STX in the unrecovered stolen fund wallet in the Stacks community and issue new STX tokens to affected users.
Foresight News reported yesterday that ALEX has informed the community of the latest information about the recent cross-chain bridge XLink vulnerability and is working with exchanges, partners, and ecosystem contributors to resolve this issue. Most of the funds related to the hacker have been frozen by major exchanges. The ALEX team proposed a reward of 10% of the total stolen funds to ask the hacker to return 90% of the assets. Preliminary evidence suggests that the private key may have been leaked, with assets worth about $4.3 million transferred to an address starting with 0x2705.