Market Cap: $2.6754T -0.860%
Volume(24h): $130.019B 63.090%
  • Market Cap: $2.6754T -0.860%
  • Volume(24h): $130.019B 63.090%
  • Fear & Greed Index:
  • Market Cap: $2.6754T -0.860%
Cryptos
Topics
Cryptospedia
News
CryptosTopics
Videos
Top News
Cryptos
Topics
Cryptospedia
News
CryptosTopics
Videos
bitcoin
bitcoin

$83571.608249 USD

-1.38%

ethereum
ethereum

$1826.028236 USD

-3.02%

tether
tether

$0.999839 USD

-0.01%

xrp
xrp

$2.053149 USD

-2.48%

bnb
bnb

$601.140115 USD

-0.44%

solana
solana

$120.357332 USD

-3.79%

usd-coin
usd-coin

$0.999833 USD

-0.02%

dogecoin
dogecoin

$0.166175 USD

-3.43%

cardano
cardano

$0.652521 USD

-3.00%

tron
tron

$0.236809 USD

-0.59%

toncoin
toncoin

$3.785339 USD

-5.02%

chainlink
chainlink

$13.253231 USD

-3.91%

unus-sed-leo
unus-sed-leo

$9.397427 USD

-0.19%

stellar
stellar

$0.266444 USD

-1.00%

sui
sui

$2.409007 USD

1.15%

Cryptocurrency News Articles

$4.3 Million Vanishes in Suspicious Alex Bridge Exploit

May 15, 2024 at 04:00 am

On May 14, CertiK reported that $4.3 million was withdrawn from the BNB Smart Chain-based Alex protocol bridge after a suspicious contract upgrade. The upgrade, executed by the protocol's deployer account, involved replacing the implementation address with unverified bytecode. Subsequently, funds were transferred to an unknown address, raising concerns about a possible private key compromise.

$4.3 Million Vanishes in Suspicious Alex Bridge Exploit

Alex Bridge Exploited for $4.3 Million in Suspicious Withdrawals

May 14, 2023 - The Alex protocol bridge, a gateway connecting the Bitcoin layer-2 protocol to other networks, has fallen victim to a sophisticated exploit, resulting in the loss of approximately $4.3 million in digital assets.

Blockchain security platform CertiK released a report on May 14, detailing the incident that occurred just hours after the bridge's contract was mysteriously upgraded five times in rapid succession. The upgrades, initiated by the protocol's deployer account, raised immediate concerns of a potential private key compromise.

The new implementation address, ending in 7058, contained unverified bytecode, rendering it indecipherable to human readers. Within an hour of the upgrades, the proxy address for the bridge contract executed an unverified function on an address ending in 4848E. This action triggered the transfer of a substantial amount of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO) from the BNB Smart Chain leg of the bridge into the 484E address.

The attacker's motive appears to extend beyond the BNB Smart Chain network. At 5:41 pm UTC, minutes after the exploit on BNB Smart Chain, a similar series of upgrades occurred on Ethereum. The deployer upgraded the "artist address" to an unverified contract, followed by an attempt to withdraw funds from the "team address" by an account ending in 05ed. However, the withdrawal attempts failed, returning a "not owner" error.

The 05ed account, which exhibited no activity before May 10, raised suspicions of malicious intent. Its creation of three unverified contracts within a short period suggested control by a malicious actor.

At the time of this report's publication, the Alex team had yet to confirm the exploit or comment on the incident. The attack marks a growing trend of protocol exploits in the decentralized finance (DeFi) space, with Equalizer and Gnus.ai reporting losses exceeding $3.5 million combined in May alone.

The Alex bridge incident highlights the ongoing security risks associated with DeFi platforms and the need for robust security measures to protect user funds. CertiK's comprehensive investigation underscores the importance of thorough audits and regular security reviews to identify and mitigate potential vulnerabilities.

The incident serves as a stark reminder that the security of DeFi platforms is paramount, and users should exercise due diligence in selecting and interacting with protocols. Developers must prioritize the implementation of rigorous security protocols and transparency to instill trust and confidence among users.

Disclaimer:info@kdj.com

The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!

If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.

Other articles published on Apr 03, 2025