Fuzzland has disclosed a $2 million insider attack that targeted Bedrock’s UniBTC protocol in September 2024, was carried out by a former employee who used malware, social engineering, and privileged access to compromise internal systems.
Fuzzland has taken full responsibility for the breach and reimbursed all affected parties.
Fuzzland, in a post on X, revealed that a past employee exploited the UniBTC protocol via a sophisticated insider operation. The individual joined the company under the guise of a skilled MEV developer and later inserted a trojan into Fuzzland’s MEV codebase using a malicious Rust crate named rands.
The attack vector began with social engineering. The former employee impressed during interviews and demonstrated a functioning MEV bot, earning access to the company’s infrastructure.
On September 4, 2024, the attacker modified the project’s Cargo.toml file to include the trojan, which auto-executed in commonly used IDEs such as VSCode and JetBrains.
The malware allowed persistent, undetected access to engineering workstations for over three weeks. Security tools such as Falcon and AVG failed to detect the intrusion.
However, on September 26, Fuzzland discussed a vulnerability in UniBTC, discovered in a Dedaub report, during an emergency call. Just over an hour later, at 18:28 UTC, the UniBTC protocol was exploited.
In response, Fuzzland compensated Bedrock for its losses using company funds. The firm enlisted Web3 security firm zeroShadow to investigate the breach and rule out any internal collusion. It also filed reports with both the FBI and Chinese law enforcement to pursue criminal action.
Despite the attack, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DeFiLlama data.
To safeguard its systems from future incidence, Fuzzland launched new internal controls and adopted enhanced vetting procedures.
This includes on-site employee screenings, detailed know-your-employee (KYE) verification, and strict privilege separation. Sensitive systems remain isolated, and private keys are secured in trusted execution environments (TEEs).
According to its report, Fuzzland has implemented software bill of materials (SBOM) checks across all codebases. This ensures that any malicious dependencies are flagged before deployment.
Fuzzland also expanded its source code analysis capabilities by integrating tools like CodeQL and CodeRabbit.
Additionally, Fuzzland reinforced its protocols for handling intelligence under TLP:RED, ensuring strict need-to-know access for vulnerability information.
Fuzzland also acknowledged the contributions of Bedrock, SEAL 911, Slowmist, and zeroShadow in coordinating a swift response. It shared threat indicators such as suspicious IP addresses and malware samples on VirusTotal to assist the broader security community.
Notably, the crypto industry continues to see a rise in crypto hacks driven by phishing and social engineering. Blockchain security firm CertiK reported that over $364 million was stolen in April 2025. This amounted to a 1,163% surge from the $28.8 million stolen in March.
In one of the year’s most severe breaches, hackers stole 3,520 Bitcoins worth $330.7 million from a U.S. senior citizen.
Meanwhile, the biggest hack to date remains the Bybit hack on February 21. The exchange suffered a major security breach, resulting in hack of a $1.5 billion worth of ETH.
