Fuzzland has reported that a former employee exploited Bedrock’s UniBTC protocol, resulting in $2 million in losses. The attack, which occurred in September 2024, involved the ex-employee utilizing insider access and malware, employing social engineering tactics and advanced persistent threat techniques to access sensitive information. The malicious code inserted by the attacker created backdoors in internal engineering workstations, allowing them to act on a vulnerability previously flagged in a Dedaub report. Although Fuzzland detected this vulnerability, it was deprioritized amid false positive noise. The company has compensated Bedrock for the losses and initiated a collaborative investigation with the security firm ZeroShadow while also reporting the incident to law enforcement agencies. Despite the breach, no client data was affected, and Bedrock’s total value locked grew significantly post-attack. This incident highlights a trend towards social engineering strategies in cryptocurrency hacks, as emphasized by an increase in these techniques reported in 2025.

Source 🔗