ALEX Protocol, a DeFi platform built on Bitcoin’s Stacks layer, has suffered a second major breach—this time resulting in an estimated $14 million loss.
The incident comes just over a year after a previous attack drained $4.3 million via its cross-chain bridge.
Initial reports of suspicious activity began surfacing on social media, prompting the ALEX team to confirm a “security incident.” The project later followed up with a detailed post-mortem, while the official website remains offline for maintenance.
The exploit stemmed from a flaw in how failed transactions were handled on the Stacks network. The attacker reportedly exploited the protocol’s inability to properly verify transaction failures, using rejected data to falsely authorize fund withdrawals.
Crypto security firm QuillAudits pegged the damage at around $14 million. Among the stolen assets were 63.5 units of wrapped Bitcoin variants (aBTC and sBTC). The incident also rattled the broader Stacks ecosystem, with the price of ALEX plunging over 50% and STX—the network’s native token—dropping around 10%.
Confusion briefly surrounded the peg stability of sBTC after data feeds showed a deviation in price. However, a Stacks spokesperson clarified that the token remains on-peg when using official oracle data.
While the attack was isolated to ALEX, other projects in the Stacks ecosystem responded swiftly. Pontis paused its bridge to safeguard liquidity, and Bitflow removed the affected liquidity pools to prevent further risk.
This isn’t ALEX’s first encounter with a critical vulnerability. In May last year, $4.3 million was drained from its XLink bridge, a breach believed to be tied to a compromised private key. Following that incident, the team implemented various security upgrades and migrated critical contracts—but clearly, those measures weren’t enough to prevent this far more damaging exploit.