
Alex Protocol, a Bitcoin-based decentralized finance (DeFi) platform operating on the Stacks blockchain, has reported a significant security breach resulting in the loss of approximately $8.3 million in digital assets. The exploit, which occurred on June 6, 2025, was attributed to a vulnerability in the platform’s self-listing verification logic, allowing attackers to drain liquidity from multiple asset pools.
The compromised assets included approximately 8.4 million Stacks (STX) tokens, 21.85 Stacks Bitcoin (sBTC), 149,850 in USDC and USDt, and 2.8 Wrapped Bitcoin (WBTC). This incident marks one of the most substantial exploits within the Stacks ecosystem to date.
In response, the Alex Lab Foundation, which supports the protocol, has committed to fully reimbursing affected users using its treasury reserves. Compensation will be issued in USDC tokens, with reimbursement calculations based on the average on-chain exchange rates between 10:00 am and 2:00 pm UTC on the day of the attack. Affected wallets will receive on-chain notifications by June 8, including personalized claim forms. Users are required to submit these forms, along with a valid receiving wallet address, by June 10 to qualify for compensation. The foundation aims to verify claims promptly and disburse USDC payments within seven days post-submission.
This is not the first security incident for Alex Protocol. In May 2024, the platform suffered a $4.3 million exploit targeting its cross-chain bridge infrastructure. The attack was suspected to be linked to the North Korean cybercrime group Lazarus. The team identified three wallets involved and collaborated with blockchain analyst ZachXBT to trace the stolen funds.
The recurrence of such exploits raises concerns about the security measures in place within DeFi platforms, particularly those operating on emerging blockchain ecosystems like Stacks. The Alex Lab Foundation has indicated plans to publish a detailed post-mortem report to provide insights into the vulnerability and outline measures to prevent future incidents.