Alex Lab Hack and North Korean Cyber Activity Dominate 2026 Crypto Security Landscape

Key takeaways:

  • North Korea's 76% crypto theft share signals systemic DeFi infrastructure vulnerabilities, not just isolated hacks.
  • Repeated Alex Lab breaches erode trust in STX ecosystem, potentially driving capital toward audited L1 alternatives.
  • Rising compliance costs from laundering crackdowns may compress margins for CEXs and OTC desks long-term.

A security breach at Bitcoin DeFi protocol Alex Lab has spilled over into traditional finance, with reports indicating that customers of Shanghai Pudong Development Bank (SPD Bank) were among those affected by the latest exploit. According to ChainCatcher, the incident underscores how North Korean-linked hacker groups, including Lazarus, are increasingly blending attacks on DeFi protocols with traditional banking targets.

Alex Lab, built on the Stacks (STX) network, suffered a major security breach on June 6, 2025, resulting in the loss of approximately $8.3 million in digital assets. The stolen funds included 8.4 million STX, 21.85 sBTC, and several hundred thousand dollars' worth of USDT, USDC, and wBTC. In response, the protocol pledged to fully reimburse affected users from its treasury while cooperating with law enforcement and exchanges to track the stolen funds.

This was not Alex Lab's first serious incident. Security firm Halborn noted that the hack was caused by the protocol's inability to identify failed transactions on the Stacks blockchain, exposing a critical flaw in its self-listing verification logic. Earlier, a 2024 attack on Alex's cross-chain bridge, XLink, drained over $4 million, with investigators later tying the operation to North Korea's Lazarus Group.

A joint sanctions-evasion dossier published by Japan's Ministry of Foreign Affairs lists both Alex Lab and SPD Bank as entities targeted or compromised by DPRK-linked advanced persistent threat (APT) clusters such as Kimsuky and TraderTraitor. This document highlights how North Korean cyber units have increasingly combined traditional finance targets with DeFi protocols in multi-stage laundering workflows.

Separately, blockchain intelligence firm TRM Labs reports that North Korea-linked actors have stolen approximately $577 million in the first four months of 2026, accounting for 76% of all global crypto hacking losses. Pyongyang's share of global crypto theft has surged from 22% in 2022 to 76% in 2026, with cumulative illicit takings since 2017 now exceeding $6 billion.

The TRM Labs report highlights two April 2026 exploits as primary drivers: a $292 million attack on KelpDAO and a $285 million theft from Drift Protocol. Together, these two incidents account for nearly all losses so far this year. The concentration of large-scale thefts in DeFi and restaking protocols underscores structural risks in smart contract and bridge design, tightening liquidity across interconnected ecosystems as market makers and lenders de-risk exposure.

Regulators and market participants are now closely watching whether Alex Lab can credibly rebuild security after repeated failures and whether Chinese authorities will move to shield banks from further digital-asset contagion. The growing dominance of North Korean-linked hacking is likely to intensify pressure on centralized exchanges, OTC desks, and mixers to block known laundering channels, raising compliance costs across the industry.
