Alex Lab, a Bitcoin layer-2 developer, has suggested that the $4 million exploit it experienced in May is most likely associated with the notorious North Korean cybercrime consortium, Lazarus Group.
The team disclosed that it has collaborated with ZachXBT, an on-chain investigator who established a connection between a wallet and the Lazarus group. Alex Lab has frozen a portion of the misappropriated funds as a result of its collaboration with the Singapore Police Force and ZachXBT.
Alex Lab identified three wallet addresses used by hackers on May 16 to siphon $4.3 million from its Bitcoin-based decentralized finance (DeFi) protocol in a June 25 post on X. In order to establish a connection between Lazarus and the exploit, the team worked in conjunction with ZachXBT, an independent blockchain investigator. In its post, Alex Lab stated,
“Based on the results of the thorough forensic analysis and investigations conducted by blockchain expert ZachXBT, who played a crucial role in the transaction tracing process, there is strong evidence that the attack was carried out by the infamous Lazarus Group, a group of hackers who are allegedly linked to the North Korean government. “
Alex Lab identified an address with the prefix ‘0x418e…0c4e’ that was explicitly associated with the exploit. Another address, ‘0x63…BeA3,’ received funds from this address. The second address subsequently transferred the funds to a Tron wallet that had been previously associated with the Lazarus group.
Alex Lab has disclosed a partnership with cybersecurity professionals and international law enforcement agencies to mitigate the consequences of the most recent cyberattack and retrieve lost assets. Additionally, the platform is improving its security protocols to prevent the recurrence of incidents.
“As part of the ongoing investigation, we have facilitated communication between the Singapore Police Force and pertinent cryptocurrency exchanges (CEXs).” The company stated that this collaboration is an essential step in ensuring the security of the misappropriated assets during the ongoing investigation.
Alex Lab also observed that a significant number of the traced STX tokens, which are currently suspended on a variety of exchanges, will remain in this state until the authorities conduct their investigations. The statement continued, “The Foundation will issue the requisite announcements as soon as the suspended funds can be refunded to the affected users.”
On May 16, Alex Lab notified its users via X that assailants had exploited the BNB Smart Chain bridge, resulting in the theft of approximately $4.3 million in funds. The breach was the result of the perpetrator acquiring control of a private key that granted access to one of the bridge’s “vaults,” according to Alex Labs. It is crucial to note that the team did not compromise the smart contract code and infrastructure that underpin ALEX.
Alex Lab pledged to cease legal action upon the return of the stolen funds and offered the assailants a 10% bounty in exchange for the return of 90% of the funds in order to recover the stolen funds. Nevertheless, the bounty proposal was not responded to by the perpetrators.
Furthermore, the hackers exploited approximately $13.7 million in Stacks (STX) tokens. A portion of these funds were transferred to centralized exchanges and subsequently blocked.
On June 20, Alex Lab disclosed that the perpetrator had exploited a variety of DeFi protocols and bridges, such as Arkadiko, Bitflow, and Allbridge, to broadcast more than 11,800 STX transactions in order to off-ramp the stolen STX. Using its BNB Smart Chain bridge, the team has effectively frozen over $3.9 million in crypto assets.
The recovery was declared in a social media post on May 16, which disclosed that the funds were traced to a variety of centralized exchanges (CEXs). Subsequently, the CEXs collaborated to block the assets.
The team reported that they had successfully recovered the complete balances of 17 distinct tokens, including “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20, and STXS” in their statement.
The Lazarus group has been associated with numerous cryptocurrency-related assaults in the past. In November 2023, the organization is purportedly responsible for the Ronin Bridge attack and the theft of approximately $170 million from crypto exchange Huobi.
According to reports, the criminal actors were accountable for the loss of more than $300 million in crypto funds in 2023. A commission of the United Nations is currently conducting an investigation into 58 cyberattacks that the group is purportedly responsible for.
Also Read: The $10 billion worth of bitcoin held by Mt. Gox has traders worried
