Smart contract analytics firm Fuzzland has publicly revealed that a former employee was behind the $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024.
In a newly released transparency report, Fuzzland explained that the ex-employee used a combination of sophisticated techniques, and advanced persistent threat (APT) tactics, to infiltrate internal systems.
The attack exploited a vulnerability in the UniBTC protocol that had been discussed during a confidential emergency response call.
The breach has raised fresh concerns about insider threats and the handling of sensitive technical information in decentralized finance (DeFi).
Malicious Code and Undetected Backdoors Enabled Attack
According to the report, the former employee secretly embedded malicious code into Fuzzland’s engineering workstations, effectively creating backdoors that remained unnoticed for several weeks.
These backdoors allowed the attacker to siphon off sensitive data and exploit the UniBTC vulnerability that had previously been flagged in a security report by blockchain auditing firm Dedaub.
Although Fuzzland’s team had initially identified the issue, it was deprioritized due to what they described as “false positive noise,” resulting in the critical flaw being overlooked just before the attack occurred.
The admission underscores the challenge of differentiating real threats from routine system alerts in fast-moving DeFi environments.
Fuzzland Takes Responsibility and Compensates Bedrock
In response to the breach, Fuzzland stated that it had fully compensated Bedrock for the $2 million in damages and partnered with cybersecurity firm ZeroShadow to launch a comprehensive investigation.
The company also filed reports with law enforcement agencies in China and the U.S., including the FBI, indicating the seriousness with which it is treating the insider breach.
Additionally, Fuzzland is collaborating with blockchain security groups Seal 911 and SlowMist to improve security practices and develop industry-wide protocols to reduce the risk of similar future incidents.
The company emphasized that no client or customer data was affected and clarified that the breach was confined to an isolated internal environment.
Despite Exploit, Bedrock’s Ecosystem Grows Significantly
Bedrock, a liquid restaking protocol offering synthetic tokens like UniBTC, UniETH, and UniLOTX, confirmed the exploit on September 27, 2024, when $2 million in liquidity was drained from its decentralized exchange pools.
Despite the attack, the platform’s growth has remained robust. According to DeFiLlama, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million by June 2025.
The development indicates ongoing user confidence in the protocol’s long-term potential and highlights the resilience of the DeFi sector when managed with transparency and corrective action.
The successful compensation and security upgrades may have played a key role in maintaining user trust.
Also Read: Crypto Hack: Cork Protocol Possibly Hit in $12M Smart Contract Breach
Rise in Crypto Hacks Underscores Sector-Wide Vulnerabilities
The Bedrock hack is part of a broader wave of attacks in the DeFi space throughout 2025.
Venus Protocol, operating on the BNB Chain, was recently exploited for $2 million due to a weakly secured smart contract and the use of MEV bots.
Iran’s Nobitex exchange also lost $48 million in an alleged nation-state cyberattack targeting its hot wallets.
Meanwhile, Nervos Network suffered a $3 million loss in a bridge exploit via ForceBridge, with the stolen assets laundered through Tornado Cash.
These incidents highlight persistent security gaps in the crypto ecosystem and reinforce the urgent need for improved auditing, threat monitoring, and developer accountability across all DeFi platforms.
Also Read: Solana Co-founder’s Personal Data Exposed In Instagram Hack, Details Inside