AlexLab (XLink Bridge): Phishing-compromised deployer private key → malicious proxy upgrades → vault drain
AlexLab's XLink bridge lost $4.3M after attackers phished the deployer private key, executed 5 rapid proxy upgrades, and drained the vault — with the attack later linked to the Lazarus Group.
Summary #
AlexLab (XLink Bridge) suffered a DEX / Bridge (Bitcoin L2 DeFi) on 2024-05-14, resulting in a loss of approximately $4M.
What happened #
AlexLab's XLink bridge lost $4.3M after attackers phished the deployer private key, executed 5 rapid proxy upgrades, and drained the vault — with the attack later linked to the Lazarus Group.
Linked factors #
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — attacker deployed malicious upgrades during the attack]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — proxy upgrade transactions by deployer wallet]