How Does ALEX Lab Work?

DEX|Risk C-|7 mechanisms|6 interactions

A decentralized exchange built on Stacks (a Bitcoin layer). It holds under $1M in deposits after a $4.3M hack in May 2024 attributed to North Korean hackers who compromised the deployer keys. Its C- grade reflects the severe exploit history and ongoing bridge security concerns.

TVL

$907,000

Sector

DEX

Risk Grade

C-

Value Grade

D

Core Mechanisms

DEX/AMM

Fixed-weight AMM pools on Stacks (Clarity-based)

Standard AMM pattern implemented in Clarity on Stacks.

DEX/Orderbook

On-chain order book matching on Stacks

Standard order book pattern.

Bridge/Cross-Chain

Novel

XLink cross-chain bridge connecting Bitcoin/Stacks to EVM chains

Novel cross-chain bridge connecting Bitcoin ecosystem to EVM. Single point of failure for wrapped asset backing.

Yield/Farming

Liquidity mining with ALEX token rewards

Standard yield farming pattern.

Governance/DAO

ALEX token governance

Standard governance token.

Token/Launchpad

Token launchpad for Stacks ecosystem projects

Standard launchpad pattern.

Lending/Pool-Based

Lending pools on Stacks

Standard lending pool pattern on Stacks.

How the Pieces Interact

Deployer key managementSmart contract upgradesCritical

Compromised deployer keys (Lazarus Group, May 2024) enabled $4.3M drain. Root cause was insufficient key management practices, not smart contract bugs.

XLink bridgeWrapped asset backingHigh

XLink bridge failure would leave wrapped assets on Stacks unbacked, causing immediate depeg and liquidity collapse across ALEX's orderbook and AMM.

Stacks PoXBitcoin miner dependencyHigh

Stacks consensus depends on Bitcoin miners. Miner censorship or regulatory action could break the Bitcoin-Stacks relationship.

AMM poolsLow liquidityMedium

Thin liquidity on Stacks-based pools enables price manipulation and high slippage on moderate-sized trades.

Token launchpadEcosystem token qualityMedium

Launchpad-listed tokens may have poor fundamentals, creating reputational risk and potential rug pull exposure for participants.

See all 6 interactions in the full risk report →

What Could Go Wrong

  1. Exploited for $4.3M in May 2024 via compromised deployer keys attributed to Lazarus Group. Key management practices were the root cause, a protocol-level infrastructure failure.
  2. XLink cross-chain bridge is a single point of failure. Another bridge exploit would leave wrapped assets on Stacks unbacked, causing immediate depeg across ALEX's DEX.
  3. Stacks PoX (Proof of Transfer) dependency on Bitcoin miners creates centralization risk; regulatory action against miners could break the Bitcoin-Stacks peg.

XLink Bridge Exploit and Wrapped Asset Depeg

Elevated

Trigger: XLink bridge is compromised via key theft or smart contract exploit, unbacking wrapped assets on Stacks

  1. 1.Attacker exploits XLink bridge to drain backed assets Wrapped tokens on Stacks become unbacked and immediately depeg
  2. 2.Panic selling of wrapped assets crashes ALEX DEX pools AMM and orderbook liquidity evaporates as traders flee
  3. 3.ALEX token crashes as protocol viability is questioned after second major exploit Governance credibility destroyed; treasury insufficient for another reimbursement
See all 2 collapse scenarios in the full risk report →

Risk Profile at a Glance

Mechanism Novelty3/15
Interaction Severity17/20
Oracle Surface5/10
Documentation Gaps4/10
Track Record15/15
Scale Exposure0/10
Regulatory Risk4/10
Vitality Risk7/10
C-

Overall: C- (55/100)

Lower score = safer

More on ALEX Lab

Is ALEX Lab Safe?

Safety analysis

Is ALEX Lab a Good Investment?

Value analysis

Full Risk Report

All mechanisms & interactions

Related DEX Explainers

How Does THORChain Work?DHow Does Cetus Protocol Work?D+How Does Balancer V2 Work?C-How Does PulseX V2 Work?C-How Does WOOFi Work?C