Fuzzland says ex-employee was behind $2M Bedrock UniBTC exploit

Smart contract analytics platform Fuzzland has disclosed that a former employee was responsible for a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024

In a new transparency report, Fuzzland revealed that the insider used social engineering tactics, supply chain attacks and advanced persistent threat techniques to steal sensitive data that enabled the attack. The platform said the attacker exploited the vulnerability in UniBTC after it was internally discussed in an emergency response call

The company added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The access allowed the attacker to receive sensitive information and act on the vulnerability first flagged in a Dedaub report

Fuzzland claimed that it had detected the vulnerability before the attack. However, it was deprioritized because of false positive noise

Source: Fuzzland## Fuzzland compensates Bedrock for $2 million exploit

The smart contract security platform said it had compensated Bedrock for the damages and launched a joint investigation with security firm ZeroShadow

The company had also filed reports with Chinese law enforcement and the FBI. It also stated that it is working with Seal 911 and SlowMist to enhance industry-wide security standards.

While there are about $2 million in losses because of the incident, Fuzzland said no client or customer data was affected by the breach. The company said the incident was isolated in a separate internal environment

Bedrock is a multi-asset liquid restaking protocol offering UniBTC, UniETH and UnilOTX products. These synthetic representations of major blockchain tokens allow users to earn yield through staking

On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized exchange pools. Despite the hack, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DefiLlama

Related: Hardware wallet Ledger launches offline recovery key for new wallets

Hackers have stolen $2.1 billion in crypto in 2025

The report comes as hackers increasingly shift from smart contract vulnerabilities to social engineering schemes. On June 4, blockchain security firm CertiK reported that over $2.1 billion has been stolen in crypto-related attacks in 2025

The company said most of the losses came from phishing attacks and wallet compromises. CertiK co-founder Ronghui Gu said the increase in social engineering attacks suggests that hackers are shifting their strategies

Magazine: Older investors are risking everything for a crypto-funded retirement

• #Blockchain
• #Security
• #Hackers
• #Cybersecurity
• #Hacks Add reaction