Alex Lab Links $4M Hack to N. Korea’s Lazarus Group

Singapore, Thursday, July 4, 2024 – Bitcoin layer-2 developer Alex Lab has linked the $4 million exploit it suffered in May to the infamous North Korean hacking group, Lazarus Group, multiple reports said.

The team collaborated with on-chain investigator ZachXBT and the Singapore Police Force to track the stolen funds and freeze some of them.

In a June 25 post on X, Alex Lab identified three wallet addresses used by hackers on May 16 to siphon $4.3 million from its Bitcoin-based decentralized finance (DeFi) protocol.

The team worked with independent blockchain investigator ZachXBT to gather evidence connecting Lazarus Group to the exploit.

“After extensive forensic analysis and investigations facilitated by blockchain analyst ZachXBT who provided critical assistance on transaction tracing, there is substantial transaction evidence linking the attack to the Lazarus Group, a notorious hacker collective believed to be associated with the North Korean government,” Alex Lab stated.

One of the identified addresses, ‘0x418e…0c4e,’ was directly linked to the exploit. Funds from this address were sent to another address, ‘0x63…BeA3,’ which then transferred the funds to a Tron wallet previously associated with Lazarus Group.

Many of the traced STX tokens are currently frozen with the relevant exchanges, pending police investigations.

The attack on May 16 involved exploiting Alex Lab’s BNB Smart Chain bridge, allowing attackers to gain control of a private key and drain approximately $4.3 million worth of funds. The team clarified that the smart contract code and infrastructure of ALEX were not compromised.

In an effort to recover the stolen funds, Alex Lab offered the attackers a 10% bounty for the return of 90% of the funds and promised to cease legal action if the funds were returned. However, the attackers did not respond to the bounty request.

Additionally, hackers exploited around $13.7 million worth of Stacks (STX) tokens. Some of these funds were sent to centralized exchanges and subsequently frozen. By June 20, Alex Lab revealed that the attacker had broadcast over 11,800 STX transactions, using several DeFi protocols and bridges to off-ramp the stolen STX. The team successfully froze over $3.9 million of crypto assets.

The Lazarus Group has been linked to several high-profile attacks in the cryptocurrency sector, including the theft of approximately $170 million from crypto exchange Huobi in November 2023 and the infamous Ronin Bridge attack. Reports suggest the group was responsible for over $300 million worth of crypto funds lost in 2023 alone, with a United Nations panel investigating 58 cyberattacks allegedly conducted by the group.
