Archived tweet

Tweet by ALEX Lab:

ALEX Security Update Dear Community, We want to keep everyone informed about the recent attack and our ongoing efforts to address the situation with ALEX. Yesterday, we became aware of an exploit using compromised private keys obtained via a phishing attack. The exploiter was able to drain some assets from the ALEX protocol. We are prioritizing supporting our community and will share more detailed figures as open efforts to freeze funds progress. KEY POINTS Affected Assets: The exploiter conducted a targeted attack, taking over as the admin of one of the vaults associated with ALEX liquidity pool (https://explorer.hiro.so/txid/0x17d6c0f925134dbb75fa74d61dff9c20e681f37c834a7125717307af6825e4c6?chain=mainnet…) and affecting all assets in that vault (https://explorer.hiro.so/txid/SP3K8BC0PPEVCV7NZ6QSRWPQ2JE9E5B6N3PA0KBR9.alex-vault-v1-1?chain=mainnet…), including about 13.7 million STX, of which about 3 million was sent to various CEXs with the amount increasing and the balance remaining on a few wallets. So far, we recovered all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20 and STXS. The smart contract code and infrastructure underlying ALEX were not compromised. Monitoring and Actions: The exploiter’s wallets are being closely monitored, and all relevant centralized exchanges (CEXs) have been notified. All known CEX accounts associated with the exploiter are frozen. Furthermore, all those exchanges have been requested to stop all deposit and withdrawal function until further notice. In support of the effort to trace the stolen funds, we have set up multiple alarms to monitor all suspected addresses suspected to be created by the exploiters for the movement of funds. Fund Recovery: A portion of the stolen funds have been identified and are in the process of being recovered from one CEX. We are actively working through the required processes with other CEXs to facilitate the return of additional funds. Legal Measures: In further efforts to recover the stolen funds, we are preparing to file a police report to obtain police support on our recovery efforts if the exploiter does not come forward to cooperate with us in time. NEXT STEPS To further monitor the exploiter's movements and block any further transfer of funds, we are sharing the current forensic data with all relevant CEXs. You can view the details in this Forensic Data Spreadsheet https://docs.google.com/spreadsheets/d/1soFi1f-6pIscJIbaDzq_71LiEZ-B1_RO1CcD8hr8W24/edit#gid=52390640…. We will continue to update this sheet with new information based on the attackers’ movements. As there is no assurance that all stolen funds will be recovered, we are evaluating deployment of $ALEX reserves held by ALEX Lab Foundation (which are held for purposes of dealing with situations like the current incident) towards funding of a treasury grant program to support our community impacted by this attack during these challenging times. Additionally, we are considering the possibility of proposing, i.e. SIP, to the @Stacks community for the burn of STX in the wallets holding unrecovered stolen funds of our community and fresh mint of STX to those impacted. We appreciate your patience and support as we work through these challenging times. Rest assured, we are doing everything possible to resolve this situation and support the affected ALEX community. Tweeted at 4:17 AM · May 16, 2024

Tweet #1

Links: