Did you know? Around 120 hacker attacks cost $2.14 billion to the cryptocurrency industry in 2022. Day by day, keeping your business and other valuables safe from these malicious actors is getting difficult for the security teams.
But you know what just happened? This time, hackers are attacking the other domains of the cryptocurrency industry, such as the DeFi tool. Recently, a security breach at the DeFi tool Alex Lab has traumatized the cryptocurrency community. Now that the companies have seen the audacity of the attackers, they are focused on strengthening their security systems.
For a brief intro, Alex Lab is a DeFi tool powered by the Bitcoin blockchain. Although the tool was robust with the latest security systems, the hackers managed to find the blindspot and exploit the vulnerability. This incident has cost the company $4.3 million. Read on to learn what the company did to get the stolen funds back!
The Hacking Incident At Alex Lab
Let’s give you an overview of what exactly happened with this unfortunate DeFi tool. DeFi tools are developed with nodes, also known as bridges. This time, the hackers targeted the most critical bridge in the Alex Lab’s infrastructure—the XLink Bridge.
What is the function of this XLink Bridge, and how was it so easy to exploit? As we said, these bridges are nodes, and nodes work as gateways. Once this gateway is breached, the entire system is accessible to the hacker.
The XLink Bridge, as the name suggests, was a medium from which the users could transfer various tokens between the various blockchains. This breach gave the hackers an open path to hack the entire DeFi tool.
The Security experts at CertiK analyzed the situation and revealed how the hackers exploited this bridge. They said it happened because the hacker managed to gain access with the help of a compromised private key associated with XLink.
What is this private key? It is apparently a mere digital password, but the purpose is to grant access and control over a crypto wallet. This key allowed the hackers to transfer funds freely. This further gave the hackers a free way to access the digital assets of Alex Lab, and they bear the loss of $4.3 billion.
What Kind Of Funds Were Stolen?
The hackers siphoned off a good sum of funds that included a variety of digital assets. First of all, as anticipated they stole the most widely recognized, valued, and traded cryptocurrencies—Bitcoin (BTC) which was worth $300,000. Then comes the stablecoins as they are fixed and stabilized just like the value of traditional assets (the US Dollar). They took a huge chunk of it that was valued at around $3.3 million.
This wasn’t it; they also went for the Sugar Kingdom (SKO) Tokens. What is so special about these tokens? Well, they are the native tokens of the Sugar Kingdom project, a decentralized application (dApp) built on the blockchain. The attackers also stole $75,000 worth of SKO tokens.
They took all the hassle for what? In the end, the crypto community came forward and made the attack useless. The hackers couldn’t do anything with the stolen funds yet because the community has decided to hamper the accounts with the stolen funds so that they become useless. The community, including exchanges like Bitcoin Prime, wants to protect its users by freezing funds that are linked to the hacker’s wallet address. Now, the hackers can’t launder the stolen funds.
How Did Alex Lab Retaliate?
The users of Alex Lab were looking for answers, and the company had to do something to bring the funds back and gain the trust of its users. Alex Lab made a very surprising move and made claims that they have identified who is/are the attacker(s) responsible for commencing such an act and exploiting the XLink bridge.
Although this revelation was not independently verified or backed up by facts, served the purpose of putting pressure on the attacker and intended to recover the stolen funds. Another unconventional thing the company did was, instead of going for the legal actions they went for the most unexpected ways—the bounty program.
What was the program? The idea of bounty hunting was great as it offered 10% of the total stolen funds to the public, specifically the cybercrime experts, to come forward and show their talents by helping the company recover its stolen funds.
The total amount that was stolen from the Alex Lab was $4,300,000 and its 10% is $430,000 as bounty for finding and returning the 90% of the funds.
You might wonder what sort of fun program this is in times of crisis. The main idea behind this bounty program is to warn the attackers to either give the 90% back to the company and keep their cut or get ready to face legal action once caught. The deadline for bounty hunters is 0800 UTC on May 18th.
Final Thoughts
The crypto community should not take this incident lightly. It is a reminder or a warning of the challenges that crypto exchanges face, and the people investing in these assets should take them into consideration before securing their digital assets on a DeFi platform. The security system of the Defi platform should be considered and monitored very closely because, in the end, your money is at stake. The company Alex Lab took necessary steps by going out of its way, and no matter what the outcome is, the incident emphasizes the need for a well-established and regularly monitored security system.