Stacks-based Alex Lab to reimburse users after $8.3 million exploit as token drops 45%
Quick Take
- Alex Lab, a Bitcoin DeFi protocol on the Stacks blockchain, said it would completely reimburse its users using treasury funds after an $8.3 million exploit on Friday.
- The protocol’s native token dropped 45% in response to the exploit, which the Alex team blamed on a flaw in the protocol’s smart contract logic.
- Alex Lab was previously exploited in May 2024 for $4.3 million, in an attack it blamed on North Korea’s Lazarus Group. The recovery process from that attack is still incomplete.
Bitcoin DeFi protocol Alex Lab (stylized as ALEX Lab) suffered its second major exploit in as many years after an unknown attacker exploited a flaw in the protocol's programming logic to siphon $8.3 million in various cryptocurrencies from the protocol.
The Stacks-based protocol said on X Friday it would reimburse affected users 100% using funds from its treasury. Users will be notified individually, but have only until June 10 to complete the claim form to receive the funds.
"The attacker exploited a flaw in verification logic in the self-listing function by referencing a failed transaction, allowing a malicious token to bypass checks and transfer funds from liquidity pools," the protocol wrote. "The core issue stems from a current on-chain limitation, specifically the inability to reliably detect failed transactions on Stacks."
The price of Alex Lab's native token $ALEX dropped precipitously following the exploit, around 45% in just twenty-four hours, according to CoinGecko data.
Alex Lab had previously been exploited for around $4.3 million in May 2024, The Block previously reported. Rather than a smart contract flaw, that exploit was enabled after private keys were compromised from a phishing attack, a common attack vector for North Korea's state-sponsored Lazarus Group hackers, whom the protocol blamed for the hack.
Following that hack, the protocol was able to convince centralized exchanges to freeze some of the stolen funds, and later distributed the protocol's revenue to compensate affected users, following a vote from the protocol's governance DAO. Yet not all exchanges have returned the funds, according to a recent update.
"To date, 8 of 15 CEXs have returned funds, with discussions ongoing with the remaining 7 exchanges. We expect further recoveries in Q2," Alex Protocol wrote.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
