The smart contract analysis platform Fuzzland has recently disclosed that a former employee is responsible for the $2 million attack on the Bedrock UniBTC protocol in September 2024.
In a newly released transparency report, Fuzzland revealed that this insider used social engineering tactics, supply chain attacks, and advanced persistent threat techniques to steal sensitive data, which was then used to carry out the attack. The platform noted that the attacker exploited the UniBTC vulnerability immediately after it was discussed in an internal emergency response meeting.
The company further stated that its former employee implanted malicious code, created backdoors on engineering workstations, and successfully evaded detection for weeks. This unauthorized access allowed the attacker to obtain sensitive information and act on vulnerabilities initially flagged in the Dedaub report.
Fuzzland claims it had detected the vulnerability before the attack occurred. However, because of noise from false positives, the finding was deprioritized.
The smart contract security platform stated that it has fully compensated Bedrock for the losses and has initiated a joint investigation with the security firm ZeroShadow.
Fuzzland has also submitted reports to Chinese law enforcement and the FBI. The company noted that they are working closely with Seal 911 and SlowMist Technology to enhance security standards across the industry.
Despite the incident resulting in approximately $2 million in losses, Fuzzland emphasized that no customer or user data was compromised. The company stated that the incident was entirely contained within an isolated internal environment.
Bedrock is a multi-asset liquid re-staking protocol that offers UniBTC, UniETH, and UniIOTX products. These synthetic representations of major blockchain tokens allow users to earn yields through staking.
On September 27, Bedrock officially confirmed that it had been attacked, primarily affecting its UniBTC product. The attacker withdrew $2 million from its decentralized exchange liquidity pool. Despite the hack, according to DefiLlama data, Bedrock's total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025.
The report comes as hacking methods are gradually shifting from smart contract vulnerabilities to social engineering tactics. On June 4, blockchain security firm CertiK reported that crypto-related attacks in 2025 have caused over $2.1 billion in losses.
The company stated that most of the losses stemmed from phishing attacks and wallet intrusion incidents. CertiK co-founder Gu Ronghui pointed out that the increase in social engineering attacks indicates that hackers are strategically adjusting their attack methods.
Original: “Fuzzland Accuses Former Employee of Orchestrating $2 Million Bedrock UniBTC Exploit”