A report from smart contract analytics firm Fuzzland has revealed that a former employee orchestrated a $2 million exploit on Bedrock’s UniBTC protocol in September 2024. According to a detailed transparency update, the insider leveraged social engineering, supply chain attacks, and persistent backdoor tactics to infiltrate Fuzzland systems and leak sensitive information that enabled the exploit.

The attacker reportedly gained access to an emergency vulnerability discussion and used the data to deploy malicious code that went undetected for weeks. The backdoors installed on internal engineering workstations allowed the insider to exploit a known weakness in the UniBTC system — a flaw that had been deprioritized as a false positive, despite prior detection.

Fuzzland said the breach was isolated to an internal environment and confirmed that no customer or client data was compromised. The company has since compensated Bedrock for the $2 million loss and is cooperating with cybersecurity firm ZeroShadow in an ongoing investigation. It has also filed reports with the FBI and Chinese authorities, and is partnering with Seal 911 and SlowMist to raise industry security standards.

Bedrock, a decentralized liquid restaking platform offering UniBTC, UniETH, and UniIOTX, saw its total value locked (TVL) grow from $240 million at the time of the hack to over $535 million by June 2025, according to DeFiLlama.

This case highlights a broader shift in crypto attack strategies. On June 4, CertiK reported that hackers have stolen over $2.1 billion in 2025 alone — with most losses linked to phishing and wallet compromises rather than code vulnerabilities. The rise of insider threats and social engineering now poses a critical challenge for blockchain security firms worldwide.