Bitcoin L2 protocol bridge Alex suffers $4.3M in losses after suspicious upgrades

The post Bitcoin L2 protocol bridge Alex suffers $4.3M in losses after suspicious upgrades appeared on BitcoinEthereumNews.com. The Alex protocol bridge on the BNB network has experienced $4.3 million in suspicious withdrawals following a sudden contract upgrade, according to a report from blockchain security platform CertiK on May 14. #CertiKInsight ???? We have seen a suspicious transaction affecting @ALEXLabBTC Initial evidence points to a possible private key compromise. Deployer of 0xb3955302E58FFFdf2da247E999Cd9755f652b13b upgrades to a suspicious implementation. In total ~$4.3m worth of assets have… pic.twitter.com/02kiw2dFrm — CertiK Alert (@CertiKAlert) May 14, 2024 The incident, which CertiK labeled as “a possible private key compromise,” has raised concerns about the security of the Bitcoin layer-2 protocol’s bridges. At the time of writing, the team from Alex has yet to confirm the exploit. Data from BscScan indicates that the Alex deployer initiated five upgrades to the platform’s Bridge Endpoint contract on the BNB Smart Chain. Following these upgrades, approximately $4.3 million worth of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO) were removed from the BNB Smart Chain side of the bridge. The upgrade transaction call effectively changed the implementation address to unverified bytecode, rendering the change inconspicuous to human language. Further investigation into the 05ed account revealed that it had created one unverified contract on May 10 and two more on May 14, despite having no prior activity. This suspicious behavior suggests that the account may be controlled by a malicious actor attempting to exploit the Alex protocol across multiple networks. In less than an hour after the upgrades were initiated, the proxy address for the bridge contract called an unverified function on another address, transferring 16 BTC ($983,000), 2.7 million SKO ($75,000), and $3.3 million worth of USDC. Shortly after, an account ending in 05ed, which had no transaction history before May 10, attempted to make two withdrawals from the “team address.” However, these withdrawal attempts…

May 14, 2024 - 23:00
 0  4
Bitcoin L2 protocol bridge Alex suffers $4.3M in losses after suspicious upgrades

The post Bitcoin L2 protocol bridge Alex suffers $4.3M in losses after suspicious upgrades appeared on BitcoinEthereumNews.com.

The Alex protocol bridge on the BNB network has experienced $4.3 million in suspicious withdrawals following a sudden contract upgrade, according to a report from blockchain security platform CertiK on May 14. #CertiKInsight ???? We have seen a suspicious transaction affecting @ALEXLabBTC Initial evidence points to a possible private key compromise. Deployer of 0xb3955302E58FFFdf2da247E999Cd9755f652b13b upgrades to a suspicious implementation. In total ~$4.3m worth of assets have… pic.twitter.com/02kiw2dFrm — CertiK Alert (@CertiKAlert) May 14, 2024 The incident, which CertiK labeled as “a possible private key compromise,” has raised concerns about the security of the Bitcoin layer-2 protocol’s bridges. At the time of writing, the team from Alex has yet to confirm the exploit. Data from BscScan indicates that the Alex deployer initiated five upgrades to the platform’s Bridge Endpoint contract on the BNB Smart Chain. Following these upgrades, approximately $4.3 million worth of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO) were removed from the BNB Smart Chain side of the bridge. The upgrade transaction call effectively changed the implementation address to unverified bytecode, rendering the change inconspicuous to human language. Further investigation into the 05ed account revealed that it had created one unverified contract on May 10 and two more on May 14, despite having no prior activity. This suspicious behavior suggests that the account may be controlled by a malicious actor attempting to exploit the Alex protocol across multiple networks. In less than an hour after the upgrades were initiated, the proxy address for the bridge contract called an unverified function on another address, transferring 16 BTC ($983,000), 2.7 million SKO ($75,000), and $3.3 million worth of USDC. Shortly after, an account ending in 05ed, which had no transaction history before May 10, attempted to make two withdrawals from the “team address.” However, these withdrawal attempts…

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow