Bitcoin-based DeFi platform ALEX Protocol has suffered a devastating $8.3 million exploit. Its the platform’s second major hack in just over a year. The attack has raised serious concerns over the project’s security framework.
On June 6, 2025, ALEX confirmed the breach occurred due to a vulnerability in its self-listing verification logic. This flaw, meant to prevent unauthorized asset listings, was bypassed by attackers who then drained several liquidity pools.
The total stolen assets include:
8.4 million STX ($5.69 million)
21.85 sBTC ($2.24 million)
149,850 USDC/USDT
2.80 WBTC ($287,369)
The platform’s team has committed to reimbursing all affected users from the ALEX Lab Foundation Treasury. Compensation will be made in USDC, calculated based on the average value of the stolen tokens between 10:00 and 14:00 UTC on June 6.
Notifications and claim forms will be sent by June 8, with a submission deadline of June 10. Compensation is expected within seven days after form verification.
This is not ALEX’s first security incident. In May 2024, the platform was exploited for $4.5 million by North Korea’s Lazarus Group through its bridge on the BNB Smart Chain.
The repeated security lapses have shaken investor trust. As cross-chain DeFi grows more complex, ALEX Protocol must overhaul its verification and auditing protocols to remain viable. It remains to be seen if the platform’s compensation plan will be enough to regain user confidence or not.
Also Read:Bybit Launches Security Overhaul After $1.4 Billion Crypto Hack: Wallet & Audit Upgrades Lead Recovery