Alex Bridge Loses Over $4M After Upgrade

Reading Time: 2 minutes
  • The Alex bridge on Binance Smart Chain (BSC) has lost more than $4 million shortly after undergoing an upgrade
  • The funds stolen were in BTC and USDC among other coins
  • Alex is a Bitcoin scaling layer with its bridges on other chains used to move assets between Bitcoin and other networks

The Alex bridge on Binance Smart Chain (BSC) has seen over $4 million drained from the platform according to blockchain security firm Certik. The funds left the bridge after an abrupt upgrade to some of its modules, something that the security firm attributed to a possible private key compromise. Most of the funds were in BTC and USDC. The bridge has acknowledged the exploit, adding that it’s working with key entities like exchanges to track and recover the funds.

Attacker Identified, Funds Frozen

The bridge underwent five unscheduled upgrades that resulted in a change in the implementation address. Less than an hour later, the platform started recording suspicious withdrawals.

The malicious actor also attempted to make similar upgrades on the bridge on other blockchains like Ethereum but his attempt to withdraw funds was unsuccessful.

Responding to the incident, Alex disclosed that “a significant amount of the funds […] has been frozen by major exchanges.” The protocol also noted that it “has identified” the malicious actor and it has contacted the attacker with a 10% bounty offer.

Alex said that it won’t involve law enforcement agencies if the exploiter agrees to the bounty terms. The protocol, however, noted that the attacker has until May 18 to honor the deal.

Sonne Finance Exploited for $20 Million

Alex isn’t the only protocol to be exploited in the last 48 hours. Sonne Finance on Ethereum scaling layer Optimism has also been exploited with roughly $20 million siphoned from the platform. Sonne Finance said they’re ready to offer a bounty although it admitted that it’s yet to identify the attacker.

Other projects like the Munchables NFT game, Blueberry and Rain are also among blockchain projects to be compromised within the last three months.

With Alex identifying the attacker, it’s likely he’ll accept the bounty deal