CertiK Alert analysts reported that the DeFi platform Alex Labs was hacked on the bitcoin network. Losses amounted to about $4.3 million.
Experts suspect a possible leak of private keys.
According to on-chain data, the incident occurred after the contract updates of the Bridge Endpoint platform in BNB Chain. After that, an unknown person withdrew 16 BTC, 3.3 million USDC and 2.7 million Sugar Kingdom Odyssey (SKO) from the protocol bridge.
Calling the update operation actually changed the implementation address to an unverified bytecode, making this change invisible at first glance.
The hacker's address created two unverified contracts on May 10 and two more on May 14. Prior to this, the wallet was not active.
After the start of updates, the proxy address of the bridge contract caused an unverified function of another account, as a result of which funds went to the criminal's wallet.
According to analysts, it is possible that the attacker tried to attack the protocol in other networks, since Alex Labs contract updates were also initiated in Ethereum.
Representatives of the DeFi project confirmed the hacking of the XLink bridge. The team reported on cooperation with many exchanges and successful freezing of part of the stolen funds.
Alex Labs also added that they have already identified the identity of the hacker and offered him to return assets by May 18 for a reward of 10%.
Experts suspect a possible leak of private keys.
According to on-chain data, the incident occurred after the contract updates of the Bridge Endpoint platform in BNB Chain. After that, an unknown person withdrew 16 BTC, 3.3 million USDC and 2.7 million Sugar Kingdom Odyssey (SKO) from the protocol bridge.
Calling the update operation actually changed the implementation address to an unverified bytecode, making this change invisible at first glance.
The hacker's address created two unverified contracts on May 10 and two more on May 14. Prior to this, the wallet was not active.
After the start of updates, the proxy address of the bridge contract caused an unverified function of another account, as a result of which funds went to the criminal's wallet.
According to analysts, it is possible that the attacker tried to attack the protocol in other networks, since Alex Labs contract updates were also initiated in Ethereum.
Representatives of the DeFi project confirmed the hacking of the XLink bridge. The team reported on cooperation with many exchanges and successful freezing of part of the stolen funds.
Alex Labs also added that they have already identified the identity of the hacker and offered him to return assets by May 18 for a reward of 10%.
