The crypto world was shaken by a major security breach involving ALEX Protocol, a prominent Bitcoin decentralized finance (DeFi) platform built on the Stacks blockchain. The exploit resulted in a staggering loss of $8.3 million in digital assets, highlighting the persistent risks in the DeFi space. This incident has raised questions about the security of DeFi platforms on Bitcoin layer-2 solutions like Stacks and what it means for users.
What Happened in the ALEX Protocol Exploit?
The attacker exploited a vulnerability in ALEX Protocol’s self-listing verification logic, a flaw tied to an on-chain limitation on the Stacks blockchain. This allowed the hacker to bypass security checks and drain several asset pools. The breakdown of the stolen assets includes:
- 8,403,867.57 STX (Stacks tokens) worth $5,691,255.93
- 21.85 sBTC valued at $2,244,751.87
- 149,850 USDC/USDT equaling $149,850
- 2.80 WBTC/BTC amounting to $287,369.33
The total USD value of the stolen assets was $8,373,227.13, making this one of the largest exploits in the Stacks ecosystem to date. The ALEX team quickly paused all platform activities to contain the damage and began working with centralized exchanges to trace the stolen funds.
ALEX Protocol’s Response to the Hack
The ALEX Lab Foundation, the organization behind the protocol, acted swiftly to address the crisis. They announced a compensation plan to fully reimburse affected users using treasury funds. The reimbursement will be paid in USDC, calculated using the average on-chain exchange rates between 10:00 UTC and 14:00 UTC on June 6, 2025.
- Advertisement -
Here’s the official statement from ALEX Lab:
The claim process involves notifying affected wallet addresses by June 8, 2025, with a submission deadline of June 10, 2025. After verification, USDC payouts will be processed within seven business days. If you don’t receive a notification, please reach out to support@alexlab.co.
- Advertisement -
Community Reactions and Stacks Blockchain Clarifications
The exploit sparked mixed reactions on social media. Some users criticized ALEX, pointing out this wasn’t their first security incident—a 2024 hack had previously cost $4.3 million. Others, like Stacks developers, clarified that the issue was with ALEX’s smart contract design, not a flaw in the Stacks blockchain itself. The Stacks layer and sBTC protocol remained secure, with the sBTC bridge temporarily disabled to limit the attacker’s movements.
Also Read: BitMEX Outsmarts Lazarus Group: How a Crypto Exchange Exposed North Korean Hackers
What This Means for Bitcoin DeFi and Stacks
This incident underscores the challenges of building secure DeFi platforms on Bitcoin layer-2 solutions. While Stacks enables smart contracts for Bitcoin, such exploits highlight the need for rigorous security audits and robust verification processes. ALEX has promised a full post-mortem report to detail the technical causes and prevent future breaches. For now, their transparent response and commitment to reimbursing users may help restore trust.
This exploit serves as a reminder for DeFi users to stay vigilant and diversify their investments, even on platforms tied to Bitcoin’s robust security. As ALEX works to recover, the crypto community will be watching closely.
FAQs
What caused the ALEX Protocol hack on June 6, 2025?
The breach occurred because of a vulnerability in ALEX Protocol’s self-listing verification logic, which stemmed from an on-chain limitation of the Stacks blockchain. This flaw enabled attackers to drain the asset pools.
How much was stolen in the ALEX Protocol exploit?
The attacker made off with $8.3 million in assets, including STX, sBTC, USDC, USDT, and WBTC.
Will ALEX Protocol users be compensated?
Yes, the ALEX Lab Foundation will provide full reimbursement to affected users in USDC, with claims expected to be processed by mid-June 2025.
Is the Stacks blockchain secure after this exploit?
Yes, the Stacks blockchain and sBTC protocol were unaffected. The issue was specific to ALEX’s application layer.
