As a researcher with experience in blockchain security, I find the recent incident involving the Alex protocol bridge on the BNB network deeply concerning. According to reports, suspicious withdrawals totaling $4.3 million occurred just after the contract was suddenly upgraded by the protocol’s deployer account.
As a crypto investor, I closely monitor reports from reliable sources to stay informed about potential risks and developments in the market. Recently, CertiK, a renowned blockchain security platform, released a report on May 14, revealing that an unusual incident occurred with the Alex protocol bridge on the Binance Smart Chain (BNB) network. Shortly after the sudden upgrade of its contract, approximately $4.3 million in questionable transactions were detected. It is essential for us as investors to be aware of such occurrences to protect our investments and mitigate potential risks.
Alex functions as a Bitcoin-based decentralized finance protocol, as stated on its website. It offers the creation of financial applications directly on the Bitcoin blockchain. Notably, it utilizes bridges that enable asset transfers from other networks like Binance Smart Chain and Ethereum to its own platform.
As a researcher, I’ve uncovered some intriguing findings while examining the blockchain data. The Alex deployer account executed five identical upgrades to the “Bridge Endpoint” contract on BNB Smart Chain, starting from 3:56 pm UTC. Following these upgrades, an approximate total of $4.3 million in assets were transferred out of the BNB Smart Chain network. These assets consisted of Binance-Pegged Bitcoin (BTC), USD Coin (USDC), and Sugar Kingdom Odyssey (SKO).
Due to the fact that the upgrade was carried out using the protocol’s deployer account, Certik has classified the occurrence as a potential private key breach.
The update process modified the execution address to conclude with the digits 7058. This revised implementation comprises unverified bytecode, rendering it illegible for humans to decipher.
Approximately 48 minutes following the initiation of the upgrades, the proxy address linked to the bridge contract invoked an unauthenticated function towards an address concluding with “4848E”. Consequently, a sum valued at around $1.08 million in BTC (16 BTC), 2.7 million SKO ($75,000), and approximately $3.3 million in USDC stablecoin were transferred to the address labeled as “484E” at 4:44 pm.
As an analyst, I’ve noticed some concerning activity that warrants further investigation. At approximately 5:41 pm, following a questionable upgrade on BNB Smart Chain at around the same time, a similar sequence of upgrades took place on Ethereum. In this instance, the deployer updated the “artist address” to an unverified contract. Shortly after, an account with the ending “05ed” attempted to withdraw funds from the “team address.” However, these attempts were unsuccessful and resulted in a “not owner” error. It’s important to note that the attacker might be attempting similar actions on other networks as well.
Before May 10, there was no record of activity for the 05ed account. On May 10, an unconfirmed transaction occurred, leading to the creation of one contract. Two additional contracts were formed on May 14, raising suspicion that this account might be managed by a malicious user.
When the article was released, the Alex team hadn’t verified the vulnerability or spoken out about the occurrence yet.
In May, the Alex bridge wasn’t the only system to encounter a potential threat. On the 13th, it was reported that the decentralized exchange Equalizer suffered a loss of over 2,000 of its own tokens. The attacker had managed to steal them gradually over several days. Additionally, on May 6, Gnus.ai experienced a hack resulting in losses amounting to $1.27 million.
Read More
- Masters Toronto 2025: Everything You Need to Know
- We Loved Both of These Classic Sci-Fi Films (But They’re Pretty Much the Same Movie)
- Valorant Champions 2025: Paris Set to Host Esports’ Premier Event Across Two Iconic Venues
- ‘The budget card to beat right now’ — Radeon RX 9060 XT reviews are in, and it looks like a win for AMD
- Forza Horizon 5 Update Available Now, Includes Several PS5-Specific Fixes
- Gold Rate Forecast
- Street Fighter 6 Game-Key Card on Switch 2 is Considered to be a Digital Copy by Capcom
- The Lowdown on Labubu: What to Know About the Viral Toy
- Karate Kid: Legends Hits Important Global Box Office Milestone, Showing Promise Despite 59% RT Score
- Mario Kart World Sold More Than 780,000 Physical Copies in Japan in First Three Days
2024-05-14 23:47