An Insider Job

Smart contract analytics firm Fuzzland has revealed that a former employee orchestrated a $2 million exploit against Bedrock's UniBTC protocol in September 2024.

According to a transparency report released this week, the insider used social engineering, supply chain attacks, and advanced persistent threat (APT) techniques to steal sensitive data over three weeks.

The attacker exploited a vulnerability in UniBTC shortly after it was discussed internally during an emergency response call, leveraging privileged access to bypass security measures.

When this ex-employee came to know about the vulnerability, he implanted a malicious code that created backdoors in engineering workstations, remaining undetected for weeks.

This access enabled the attacker to act on a vulnerability, first identified in a Dedaub report – intelligence that was improperly accessed through compromised internal systems.

Fuzzland acknowledged it had detected the vulnerability prior to the attack but deprioritized it due to "false positive noise," a critical oversight that allowed the exploit to proceed.

Fuzzland has fully compensated Bedrock for the $2 million loss and launched a joint investigation with cybersecurity firm ZeroShadow.

The company filed reports with Chinese law enforcement and the FBI, while partnering with Seal 911 and SlowMist to develop enhanced security standards.

But most importantly, no client or customer data was compromised, as the breach was isolated to an internal environment.

Despite the September 2024 attack that drained $2 million from UniBTC's decentralized exchange pools, Bedrock – a multi-asset liquid restaking protocol – demonstrated remarkable recovery.

Its total value locked (TVL) surged from $240 million at the time of the exploit to $535 million by June 2025, according to DefiLlama.

Bedrock's UniBTC, UniETH, and UniLOTX products allow users to earn yield through synthetic representations of major blockchain tokens.

This insider attack occurs amid a concerning shift in crypto theft patterns. Blockchain security firm CertiK reports that over $2.1 billion has been stolen in 2025, with phishing and wallet compromises now surpassing smart contract vulnerabilities as the primary attack vectors.