In a new transparency report released today, blockchain security firm Fuzzland confirmed that a former internal employee orchestrated a $2 million exploit targeting Bedrock’s UniBTC protocol in September 2024. The individual leveraged insider privileges, malicious software, and social engineering to facilitate the attack.
Insider Access & Advanced Persistent Threat Techniques
Fuzzland revealed that the unnamed ex-employee had crafted a stealthy malware package, planting backdoors on engineering workstations. This covert access was maintained undetected for weeks, allowing the attacker to siphon sensitive information — including internal discussions on a vulnerability first highlighted by the third‑party auditor Dedaub.
Despite internal alert systems flagging the vulnerability, Fuzzland dismissed it as a false positive, delaying remediation until it was too late.
Execution of the UniBTC Exploit
Armed with stolen data, the insider called in the exploit following an emergency response meeting. They drained roughly $2 million worth of liquidity from Bedrock’s UniBTC pools, a product of Bedrock’s multi-asset liquid restaking platform.
Although the attack occurred in late September 2024. Bedrock's total value locked (TVL) actually continued to grow from approximately $240 million to $535 million by June 2025 — a testament to developer resilience and investor confidence.
Fuzzland's Remediation and Industry Response
Fuzzland stepped in to fully compensate Bedrock for the losses and launched a joint investigation with cybersecurity specialist ZeroShadow. They also enlisted security firms Seal 911 and SlowMist to bolster broader industry safeguards.
Importantly, the breach did not expose any customer data, as it was restricted to isolated internal environments. Alerts were filed with both Chinese authorities and the FBI, signaling serious cross-border cooperation.
Context: Rising Trend in Social Engineering Crypto Hacks
This incident highlights a broader shift in cryptosecurity: attackers are increasingly turning to insider threats, social engineering, and supply‑chain compromises rather than exploiting pure smart‑contract flaws.
In fact, blockchain security firm CertiK reported that crypto thefts reached over $2.1 billion in 2025. with a majority of losses stemming from phishing, wallet exploits, and insider-based schemes.
Conclusion
The Bedrock UniBTC exploit illustrates a sobering reality: even platforms with strong smart-contract protocols remain vulnerable when human trust is breached from within. Fuzzland’s prompt acknowledgement, full restitution, and collaborative security overhaul mark a proactive industry response. Still, the incident serves as a stark reminder for DeFi projects to fortify not only their code but also their people and processes.
As the crypto space confronts evolving threats, mastering both technical safeguards and personnel hygiene is essential in defending against future APT-style attacks.
