ALEX Protocol lost $8.37 million when an attacker exploited a flaw in its token listing validation.
The incident took place on the Stacks blockchain and affected several asset pools. ALEX’s team announced plans to fully reimburse user losses.
ALEX Protocol Exploit
ALEX Protocol’s team discovered the breach through a bug in its self-listing verification logic. The hacker was able to empty pools holding STX, sBTC, stablecoins, and WBTC.
In total, the attacker drained 8,403,867.57 STX (worth about &5.69 million), 21.85 sBTC ($2.24 million), 149,850 USDC/USDT ($150K), and 2.8 WBTC ($287K). The team valued the total loss at $8,373,227.13.
ALEX Protocol immediately shared a compensation plan and promised full reimbursement in USDC. Affected wallet owners will receive a private on-chain notification by June 8, 2025, with a claim form.
Users must submit the form and confirm their receiving wallet address by June 10, 2025. Verified claims will be paid in USDC within seven business days.
The protocol urged anyone who does not get a claim notification by June 8 to contact support. ALEX’s quick response and open communication show its commitment to user safety and may help restore confidence after this hack.
Also Read: Breaking: Virtuals Protocol Discord Server Faces Hack, Users Warned About Scam Messages
Growing Trend of DeFi Attacks
DeFi protocol hacks have been rising steadily as more projects build complex smart contracts. Hackers often look for weak points in code or logic gaps that let them bypass security controls.
In the first half of 2025 alone, multiple platforms suffered major breaches. Experts warn that rushed audits or untested features can leave vulnerabilities exposed. As projects race to launch new products, security can fall by the wayside.
Other Recent Incidents
Cyvers Alerts reported a $12 million exploit on May 28, 2025, targeting a smart contract tied to CorkProtocol. A malicious contract appeared and was linked to an address starting with 0x4771.
It appears the attacker used a service provider address to deploy the harmful code. Details are still emerging, but the breach highlights the risks associated with third-party integrations.
On the Sui network, Cetus Protocol, a leading decentralised exchange and liquidity provider, lost around 223 million dollars worth of tokens.
The breach has sent shock waves across the Sui community, as many relied on Cetus for trading and liquidity. Users now await details on how the project will address the fallout and secure remaining funds.
These incidents underscore the fragile nature of DeFi ecosystems and the need for robust security measures. ALEX Protocol’s swift effort to compensate users sets a positive example for transparency and accountability.
Also Read: Chainflip Upgrades Protocol to Block Bybit Hacker Funds, Updates to Be Implemented in 24-72Hrs