ALEX Lab, which operates a Bitcoin layer-two network bridge for the Stacks blockchain, has provided an update on a recent hack.
Flooding
On June 17, the hacker executed over 9,700 transactions and systematically created new wallet addresses to distribute the stolen STX tokens.
This caused the volume of traceable transactions to skyrocket from 300 to more than 9,600, with the number of unique addresses under the hacker’s control increasing from fewer than 100 to over 4,700 in just one week.
It’s either Bitcoin or not
Layer-two networks are separate systems and don’t have the same security and reliability as the parent network.
Stacks is a smart contract platform; it’s NOT Bitcoin, but the system sends on-chain transactions to the Bitcoin network, using that as final confirmation. In this way, transactions that are already in a Bitcoin block are verified on the Stacks network.
This is the so-called proof-of-transaction method.
But this is only good for past transactions; it doesn’t provide any defense for the Stacks network itself. Bridge services are third-party services where users give up ownership of their keys and take on risks such as cyberattacks, exit scams, and code bugs.
The hacker’s tactic of transferring small amounts of STX to thousands of new addresses and then funneling these into Centralized Exchanges makes recovery efforts pretty complicated.
While most CEXs are cooperating with ALEX Lab to recover the funds, the hacker has been quick to adapt, hopping between the target CEXs to avoid capture.
Hide and seek
Traceable STX deposits into CEXs reached 8,373,587 STX, which is about $15 million. The hacker’s on-chain balance in the known addresses is around 5,560,332 STX, valued at approximately $9.9 million when considering only wallets holding more than 100 STX.
This exploit began in mid-May, and despite ALEX Lab offering a 10% bounty for the return of 90% of the stolen funds, the hacker hasn’t taken the bait.
ALEX Lab is committed to tracking and recovering the stolen funds, working closely with CEXs.
In the Bitcoin community, many warn that this incident should lead to a bigger revelation for layer-two networks and bridge service users to prepare for future hacks, as these third parties always represent security risks.
