Blockchain DeFi software Early on Wednesday, ALEX Lab suffered a suspected private key compromise attack on its bridging service, draining it of roughly $4.3 million in different tokens.
According to security expert CertiK, the hackers probably obtained a secret key that was in charge of ALEX’s XLink bridge, which enables users to move tokens between several blockchains. The hacker moved stablecoins worth $3.3 million, bitcoin (BTC) worth over $300,000, and Sugar Kingdom (SKO) tokens for $75,000.
In an early European hour message, ALEX developers acknowledged the hack and said they knew who the perpetrator was. The group gave them a 10% reward for returning 90% of the money that had been taken.
“ALEX Lab Foundation has identified the individual responsible for the recent security breach and is offering a resolution through a bounty arrangement,” the developers stated. “Alex guarantees that there will be no more pursuit or law enforcement involvement after compliance. Offer valid until May 18 at 08.00 UTC.”
To stop such abuse, the team stated that major exchanges have frozen funds linked to the hacker.
Compromises of private keys are among the most often used attack methods by hackers. Poor private key security was the cause of some of the largest cryptocurrency attacks, including Harmony’s $100 million hack in the same year and Ronin’s $650 million drain.