Good contract analytics platform Fuzzland disclosed {that a} former worker was liable for a $2 million exploit that focused Bedrock’s UniBTC protocol in September 2024.
In a brand new transparency report, Fuzzland revealed that the insider used social engineering techniques, provide chain assaults and superior persistent menace methods to steal delicate knowledge that enabled the assault. The platform mentioned the attacker exploited the vulnerability in UniBTC after it was internally mentioned in an emergency response name.
The corporate added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The entry allowed the attacker to obtain delicate data and act on the vulnerability first flagged in a Dedaub report.
Fuzzland claimed that it had detected the vulnerability earlier than the assault. Nonetheless, it was deprioritized due to false constructive noise.
Fuzzland compensates Bedrock for $2 million exploit
The good contract safety platform mentioned it had compensated Bedrock for the damages and launched a joint investigation with safety agency ZeroShadow.
The corporate additionally filed experiences with Chinese language legislation enforcement and the FBI. It mentioned that it’s working with Seal 911 and SlowMist to reinforce industry-wide safety requirements.
Whereas there was about $2 million in losses due to the incident, Fuzzland mentioned no shopper or buyer knowledge was affected by the breach. The corporate mentioned the incident was remoted to a separate inner setting.
Bedrock is a multi-asset liquid restaking protocol providing UniBTC, UniETH and UnilOTX merchandise. These artificial representations of main blockchain tokens permit customers to earn yields via staking.
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized change swimming pools. Regardless of the hack, Bedrock’s whole worth locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DefiLlama.
Associated: Hardware wallet Ledger launches offline recovery key for new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers more and more shift from good contract vulnerabilities to social engineering schemes. On June 4, blockchain safety agency CertiK reported that over $2.1 billion has been stolen in crypto-related assaults in 2025.
The corporate mentioned a lot of the losses got here from phishing assaults and pockets compromises. CertiK co-founder Ronghui Gu mentioned the rise in social engineering assaults means that hackers are shifting their methods.
Journal: Older investors are risking everything for a crypto-funded retirement
