Good contract analytics platform Fuzzland disclosed {that a} former worker was liable for a $2 million exploit that focused Bedrock’s UniBTC protocol in September 2024.
In a brand new transparency report, Fuzzland revealed that the insider used social engineering ways, provide chain assaults and superior persistent menace strategies to steal delicate information that enabled the assault. The platform mentioned the attacker exploited the vulnerability in UniBTC after it was internally mentioned in an emergency response name.
The corporate added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The entry allowed the attacker to obtain delicate info and act on the vulnerability first flagged in a Dedaub report.
Fuzzland claimed that it had detected the vulnerability earlier than the assault. Nonetheless, it was deprioritized due to false optimistic noise.
Fuzzland compensates Bedrock for $2 million exploit
The sensible contract safety platform mentioned it had compensated Bedrock for the damages and launched a joint investigation with safety agency ZeroShadow.
The corporate additionally filed studies with Chinese language regulation enforcement and the FBI. It mentioned that it’s working with Seal 911 and SlowMist to boost industry-wide safety requirements.
Whereas there was about $2 million in losses due to the incident, Fuzzland mentioned no consumer or buyer information was affected by the breach. The corporate mentioned the incident was remoted to a separate inner surroundings.
Bedrock is a multi-asset liquid restaking protocol providing UniBTC, UniETH and UnilOTX merchandise. These artificial representations of main blockchain tokens permit customers to earn yields via staking.
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized alternate swimming pools. Regardless of the hack, Bedrock’s complete worth locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, in accordance with DefiLlama.
Associated: {Hardware} pockets Ledger launches offline restoration key for brand spanking new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers more and more shift from sensible contract vulnerabilities to social engineering schemes. On June 4, blockchain safety agency CertiK reported that over $2.1 billion has been stolen in crypto-related assaults in 2025.
The corporate mentioned a lot of the losses got here from phishing assaults and pockets compromises. CertiK co-founder Ronghui Gu mentioned the rise in social engineering assaults means that hackers are shifting their methods.
Journal: Older buyers are risking all the things for a crypto-funded retirement
