Alex Lab Private Key Compromise

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 17:56, 28 July 2025 by Azoundria (talk | contribs)

Alex Lab is an organization creating a protocol for swapping, liquidity, lending, and farming. Unfortunately, it appears that the team did not properly secure the private key for their contracts. Assets were withdrawn, mostly to centralized exchanges. A significant portion of the assets were recovered and plans are being made to distribute them to affected users.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9]

About Alex Lab

"Governing DeFi on Bitcoin. The ALEX Lab Foundation ("the Foundation") is a non-profit organization supporting the governance and growth of the ALEX DeFi protocol."

"ALEX (Automated Liquidity Exchange) is the first complete DeFi platform built for Bitcoin through Stacks smart contracts. Bring your Bitcoin to life: launch new projects, earn interest, swap tokens, rewrite finance, reinvent culture."

"Use the ALEX Decentralized Exchange (DEX) for trustless swaps. Everything done on the app is routed directly through your wallet so you always have custody of your tokens."

"You can become a liquidity provider by submitting two tokens to the liquidity pool to begin earning a share of the trading fees."

"ALEX staking involves “locking up” your $ALEX token on the platform for an amount of time (“rewards cycles”) in exchange for earning protocol rewards."

"By farming (staking/locking up) LP tokens, in addition to receiving liquidity pool transactions fees, you also earn $ALEX and APower rewards."

"Through lend/borrow ALEX is establishing a fundamental building block of Bitcoin finance: fixed-yield and fixed-term financial instruments. Unlike most lend/borrow on all the other DeFi protocols, however, ALEX uses dynamic Collateral Rebalancing Pools (CRPs) to avert the risk of forced liquidation."

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Alex Lab Private Key Compromise
Date | Event | Description
May 13th, 2024 9:29:00 PM MDT | Protocol Promotion Video | Alex Lab posts a promotional video.
May 14th, 2024 10:44:03 AM MDT | First Attack Transaction | The first attack transaction on the Binance Smart Chain.
May 14th, 2024 10:57:30 AM MDT | Second Attack Transaction | The second attack transaction on the Binance Smart Chain.
May 14th, 2024 11:24:00 AM MDT | CertiK Tweet Posted | CertiK posts a tweet about the incident.
May 15th, 2024 12:45:00 PM MDT | Security Update Tweet | AlexLab posts a security update with an overview of the assets sent to centralized exchanges and its offer of a 10% bounty to the attacker.
May 17th, 2024 5:07:00 AM MDT | Further Security Update | Another tweet with further updates is posted.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $4,300,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

The total amount recovered is unknown.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Rekt - AlexLab - Rekt (Accessed May 21, 2024)
  2. @RektHQ Twitter (Accessed May 21, 2024)
  3. BNB Smart Chain Transaction Hash (Txhash) Details - BscScan (Accessed May 21, 2024)
  4. BNB Smart Chain Transaction Hash (Txhash) Details - BscScan (Accessed May 21, 2024)
  5. @ALEXLabBTC Twitter (Accessed May 21, 2024)
  6. @XLinkbtc Twitter (Accessed May 21, 2024)
  7. @CertiKAlert Twitter (Accessed May 21, 2024)
  8. Alex Lab LinkTree (Accessed Jun 11, 2025)
  9. Alex Lab Homepage (Accessed Jun 11, 2025)