Alex Protocol, a Bitcoin-based DeFi platform built on the Stacks blockchain, has been exploited for $8.3 million in digital assets, marking its second major security breach in just over a month. The attack occurred on June 6 and exploited a flaw in the protocol’s self-listing verification system, allowing hackers to drain liquidity from multiple asset pools.

The stolen assets include roughly 8.4 million Stacks tokens, 21.85 sBTC, 149,850 in combined USDC and USDt, and 2.8 Wrapped Bitcoin—making it one of the most significant attacks ever recorded on the Stacks ecosystem.

In a public statement, the Alex Lab Foundation committed to fully reimbursing all impacted users. Compensation will be distributed in USDC and calculated based on average onchain rates between 10:00 am and 2:00 pm UTC on the day of the hack. Affected wallets will receive onchain notifications by June 8, along with a claim form. Completed forms must be submitted by June 10, and verified users are expected to receive their reimbursement within seven days.

While the team has not disclosed full technical details of the exploit, a comprehensive post-mortem report is in development. Users without claim notifications have been advised to contact the team directly via email.

This breach follows a $4.3 million hack in May 2024, which targeted Alex Protocol’s crosschain bridge. That earlier incident was suspected to be linked to the North Korean Lazarus Group. The team worked with blockchain investigator ZachXBT to trace the stolen assets tied to that attack.

With two back-to-back breaches, the security of Bitcoin-based DeFi platforms is once again under serious scrutiny.