Smart contract analytics platform Fuzzland has revealed that a former employee was behind the $2 million exploit of Bedrock’s UniBTC protocol in September 2024.
In a newly released transparency report, Fuzzland stated that the ex-employee employed a combination of social engineering, supply chain attacks, and advanced persistent threat (APT) techniques to gain unauthorized access to sensitive data. This data ultimately enabled the attack on the UniBTC protocol.
According to the report, the vulnerability was initially discussed during an internal emergency response call, after which the attacker exploited it. Fuzzland further disclosed that the former employee had planted malicious code that created backdoors on engineering workstations, allowing undetected access for several weeks. This access gave the attacker an advantage in exploiting a flaw originally flagged in a report by Dedaub.
Fuzzland also admitted that it had previously detected the vulnerability but deprioritized it due to what it described as “false positive noise.”
Fuzzland Reimburses Bedrock for $2 Million Exploit Losses
Smart contract security platform Fuzzland announced that it has fully compensated Bedrock for the $2 million exploit and has launched a joint investigation into the incident with cybersecurity firm ZeroShadow.
In its transparency update, Fuzzland also confirmed that it has filed reports with both Chinese law enforcement and the FBI. To further strengthen the ecosystem’s security posture, the company is collaborating with Seal 911 and SlowMist to help raise industry-wide security standards.
Despite the financial loss, Fuzzland emphasized that no client or customer data was compromised, as the breach was confined to a separate internal environment.
Bedrock, a multi-asset liquid restaking protocol, offers synthetic staking assets such as UniBTC, UniETH, and UniIOTX. These tokenized representations of major blockchain assets enable users to earn staking rewards.
The exploit, which occurred on September 27, 2024, specifically targeted Bedrock’s UniBTC product. The attacker drained $2 million in liquidity from the protocol’s decentralized exchange pools. However, despite the breach, Bedrock’s total value locked (TVL) has shown strong growth, rising from $240 million in September 2024 to $535 million by June 2025, according to data from DeFiLlama.
Hackers Have Looted $2.1 Billion in Crypto So Far in 2025
Hackers are increasingly turning to social engineering tactics over traditional smart contract exploits, according to a new report. On June 4, blockchain security firm CertiK revealed that more than $2.1 billion has been lost to crypto-related attacks in 2025 alone.
CertiK noted that the majority of these losses stemmed from phishing scams and wallet compromises. Co-founder Ronghui Gu said the surge in social engineering incidents signals a strategic shift in how attackers are targeting the crypto ecosystem.
