Good contract analytics platform Fuzzland disclosed {that a} former worker was chargeable for a $2 million exploit that focused Bedrock’s UniBTC protocol in September 2024.
In a brand new transparency report, Fuzzland revealed that the insider used social engineering ways, provide chain assaults and superior persistent risk strategies to steal delicate knowledge that enabled the assault. The platform stated the attacker exploited the vulnerability in UniBTC after it was internally mentioned in an emergency response name.
The corporate added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The entry allowed the attacker to obtain delicate data and act on the vulnerability first flagged in a Dedaub report.
Fuzzland claimed that it had detected the vulnerability earlier than the assault. Nevertheless, it was deprioritized due to false constructive noise.
Fuzzland compensates Bedrock for $2 million exploit
The good contract safety platform stated it had compensated Bedrock for the damages and launched a joint investigation with safety agency ZeroShadow.
The corporate additionally filed experiences with Chinese language regulation enforcement and the FBI. It stated that it’s working with Seal 911 and SlowMist to boost industry-wide safety requirements.
Whereas there was about $2 million in losses due to the incident, Fuzzland stated no shopper or buyer knowledge was affected by the breach. The corporate stated the incident was remoted to a separate inside setting.
Bedrock is a multi-asset liquid restaking protocol providing UniBTC, UniETH and UnilOTX merchandise. These artificial representations of main blockchain tokens permit customers to earn yields by means of staking.
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized trade swimming pools. Regardless of the hack, Bedrock’s whole worth locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, based on DefiLlama.
Associated: {Hardware} pockets Ledger launches offline restoration key for brand spanking new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers more and more shift from good contract vulnerabilities to social engineering schemes. On June 4, blockchain safety agency CertiK reported that over $2.1 billion has been stolen in crypto-related assaults in 2025.
The corporate stated many of the losses got here from phishing assaults and pockets compromises. CertiK co-founder Ronghui Gu stated the rise in social engineering assaults means that hackers are shifting their methods.
Journal: Older buyers are risking every part for a crypto-funded retirement
