Alex Lab Blames North Korea’s Lazarus Group for $4M Exploit

Alex Lab blames North Korea’s Lazarus Group over hacking its platform for $4.3 million.

Hands pointing at an incoming fiery storm what looks like Kim Jong Un's face.
Created by Gabor Kovacs from DailyCoin
  • Alex Lab has identified the hacker who stole millions from its platform last month.
  • The protocol said it has “substantial transaction evidence” against the hacker.
  • Efforts to recover the stolen assets are underway.

Decentralized finance (DeFi) protocol Alex Lab said on Tuesday the multimillion-dollar attack it encountered last month could be tied to the dreaded North Korean hacking alliance Lazarus Group.

The Bitcoin Layer 2 platform was exploited on the BNB chain on May 14 via its XLink Bridge, resulting in a loss of crypto assets worth $4.3 million. While the protocol claimed it knew the hacker’s identity, it offered a 10% bounty on the stolen funds in exchange for the return of 90% of assets.

Alex Lab Points to Lazarus Group

According to an X (Twitter) post shared on June 25, the Alex Lab team uncovered “substantial transaction evidence” linking the May attack to Lazarus Group after extensive forensic analysis and investigations facilitated by blockchain sleuth ZachXBT.


The team shared multiple blockchain addresses and transactions that were “crucial” in tracing the hackers and the flow of stolen assets. This included two addresses directly linked to the exploit and two addresses connected to the North Korean hacking consortium.  

“We are actively collaborating with international law enforcement and cybersecurity experts to address the implications of this attack and to recover lost assets.” The team wrote. “Enhanced security protocols are being implemented to fortify our platform against similar threats.”

Commenting on the ongoing investigation in a separate post, the team said it has facilitated contact with the Singapore Police Force and relevant centralized exchanges (CEXs) to maintain the security of the stolen assets.

Among the stolen assets include STX, which the team tracked to CEXs.


“Many of those STX that we traced to CEXs are currently frozen with the relevant exchanges indicating that they will continue to freeze stolen assets pending the police investigations,” the team wrote.

The foundation overseeing Alex Lab said it will make an “appropriate” announcement as soon as the frozen funds can be returned to the affected users.

Read how OKX witnessed outflows after user accounts were reportedly hacked:
OKX Exchange Loses Millions After User Accounts Hacked

Stay updated on the recovery of Ronin hacking loot:
$5.7M Ronin Hack Loot Recovered & Returned in Norway

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.