Fuzzland Reveals Ex-Employee Behind $2M Bedrock UniBTC Exploit

Smart contract analytics platform Fuzzland disclosed {that a} former worker was liable for a $2 million exploit that focused Bedrock’s UniBTC protocol in September 2024. 

In a brand new transparency report, Fuzzland revealed that the insider used social engineering techniques, provide chain assaults and superior persistent risk methods to steal delicate knowledge that enabled the assault. The platform mentioned the attacker exploited the vulnerability in UniBTC after it was internally mentioned in an emergency response name. 

The firm added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The entry allowed the attacker to obtain delicate info and act on the vulnerability first flagged in a Dedaub report. 

Fuzzland claimed that it had detected the vulnerability earlier than the assault. However, it was deprioritized due to false constructive noise. 

Fuzzland compensates Bedrock for $2 million exploit

The sensible contract safety platform mentioned it had compensated Bedrock for the damages and launched a joint investigation with safety agency ZeroShadow. 

The firm additionally filed experiences with Chinese legislation enforcement and the FBI. It mentioned that it’s working with Seal 911 and SlowMist to boost industry-wide safety requirements.

While there was about $2 million in losses due to the incident, Fuzzland mentioned no shopper or buyer knowledge was affected by the breach. The firm mentioned the incident was remoted to a separate inside atmosphere. 

Bedrock is a multi-asset liquid restaking protocol providing UniBTC, UniETH and UnilOTX merchandise. These artificial representations of main blockchain tokens enable customers to earn yields via staking. 

On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized alternate swimming pools. Despite the hack, Bedrock’s whole worth locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, based on DefiLlama. 

Related: Hardware pockets Ledger launches offline restoration key for brand spanking new wallets

Hackers have stolen $2.1 billion in crypto in 2025

The report comes as hackers more and more shift from sensible contract vulnerabilities to social engineering schemes. On June 4, blockchain safety agency CertiK reported that over $2.1 billion has been stolen in crypto-related assaults in 2025. 

The firm mentioned a lot of the losses got here from phishing assaults and pockets compromises. CertiK co-founder Ronghui Gu mentioned the rise in social engineering assaults means that hackers are shifting their methods. 

Magazine: Older buyers are risking the whole lot for a crypto-funded retirement