The attacker exploited a vulnerability in the protocol’s self-listing verification logic, a core component designed to enforce on-chain limits on the Stacks blockchain.

The breakdown of stolen assets includes:

• 8.4M STX worth $5.69M
• 21.85 sBTC worth $2.24M
• 149,850 USDC/USDT
• 2.8 WBTC valued at $287K

This marks ALEX Lab’s second major security incident in two years, raising renewed concerns over smart contract risk in emerging Bitcoin DeFi protocols.

Reimbursement Plan: 100% Coverage in USDC

In response, the ALEX Lab Foundation has committed to fully reimbursing all affected users in USDC, using its treasury reserves. Reimbursement amounts will be based on the average on-chain exchange rates recorded between 10:00–14:00 UTC on June 6, 2025.

“We are fully committed to restoring every affected user’s funds,” ALEX Lab stated. “The total repayment value is $8,373,227.13.”

READ MORE:

Bitcoin Targeting $120,000 While Altcoins Signal Historic Breakout Potential

Claim Timeline and Process

• By June 8, 23:59 UTC: Affected wallets will receive an on-chain notification with a private link to a claim form.
• By June 10, 23:59 UTC: Users must submit the form and confirm their receiving wallet address.
• Within 7 Business Days: Verified users will receive their USDC reimbursement.

Security Concerns Linger, Community Reacts

The ALEX Lab exploit follows a string of vulnerabilities across DeFi protocols, particularly those building on Bitcoin-related infrastructure like Stacks. While the swift commitment to full reimbursement has been praised, some in the community question whether ALEX Lab can regain trust without deeper structural reform.

With rising interest in Bitcoin DeFi, this event is a stark reminder of the ongoing challenges in securing decentralized finance protocols, even amid innovation.

The post Bitcoin DeFi platform Hit by $8.3M Exploit, Promises Full USDC Reimbursement appeared first on Coindoo.