Smart contract analytics platform Fuzzland has disclosed that a former employee was responsible for a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024
In a new transparency report, Fuzzland revealed that the insider used social engineering tactics, supply chain attacks and advanced persistent threat techniques to steal sensitive data that enabled the attack. The platform said the attacker exploited the vulnerability in UniBTC after it was internally discussed in an emergency response call
The company added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The access allowed the attacker to receive sensitive information and act on the vulnerability first flagged in a Dedaub report
Fuzzland claimed that it had detected the vulnerability before the attack. However, it was deprioritized because of false positive noise
Source:Fuzzland## Fuzzland compensates Bedrock for $2 million exploit
The smart contract security platform said it had compensated Bedrock for the damages and launched a joint investigation with security firm ZeroShadow
The company had also filed reports with Chinese law enforcement and the FBI. It also stated that it is working with Seal 911 and SlowMist to enhance industry-wide security standards.
While there are about $2 million in losses because of the incident, Fuzzland said no client or customer data was affected by the breach. The company said the incident was isolated in a separate internal environment
Bedrock is a multi-asset liquid restaking protocol offering UniBTC, UniETH and UnilOTX products. These synthetic representations of major blockchain tokens allow users to earn yield through staking
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized exchange pools. Despite the hack, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DefiLlama
Related:Hardware wallet Ledger launches offline recovery key for new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers increasingly shift from smart contract vulnerabilities to social engineering schemes. On June 4, blockchain security firm CertiK reported that over $2.1 billion has been stolen in crypto-related attacks in 2025
The company said most of the losses came from phishing attacks and wallet compromises. CertiK co-founder Ronghui Gu said the increase in social engineering attacks suggests that hackers are shifting their strategies
Magazine:Older investors are risking everything for a crypto-funded retirement
Ця сторінка може містити контент третіх осіб, який надається виключно в інформаційних цілях (не в якості запевнень/гарантій) і не повинен розглядатися як схвалення його поглядів компанією Gate, а також як фінансова або професійна консультація. Див. Застереження для отримання детальної інформації.
Fuzzland says ex-employee was behind $2M Bedrock UniBTC exploit
Smart contract analytics platform Fuzzland has disclosed that a former employee was responsible for a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024
In a new transparency report, Fuzzland revealed that the insider used social engineering tactics, supply chain attacks and advanced persistent threat techniques to steal sensitive data that enabled the attack. The platform said the attacker exploited the vulnerability in UniBTC after it was internally discussed in an emergency response call
The company added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The access allowed the attacker to receive sensitive information and act on the vulnerability first flagged in a Dedaub report
Fuzzland claimed that it had detected the vulnerability before the attack. However, it was deprioritized because of false positive noise
The smart contract security platform said it had compensated Bedrock for the damages and launched a joint investigation with security firm ZeroShadow
The company had also filed reports with Chinese law enforcement and the FBI. It also stated that it is working with Seal 911 and SlowMist to enhance industry-wide security standards.
While there are about $2 million in losses because of the incident, Fuzzland said no client or customer data was affected by the breach. The company said the incident was isolated in a separate internal environment
Bedrock is a multi-asset liquid restaking protocol offering UniBTC, UniETH and UnilOTX products. These synthetic representations of major blockchain tokens allow users to earn yield through staking
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized exchange pools. Despite the hack, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DefiLlama
Related: Hardware wallet Ledger launches offline recovery key for new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers increasingly shift from smart contract vulnerabilities to social engineering schemes. On June 4, blockchain security firm CertiK reported that over $2.1 billion has been stolen in crypto-related attacks in 2025
The company said most of the losses came from phishing attacks and wallet compromises. CertiK co-founder Ronghui Gu said the increase in social engineering attacks suggests that hackers are shifting their strategies
Magazine: Older investors are risking everything for a crypto-funded retirement