Smart contract analytics platform Fuzzland has disclosed that a former employee was responsible for a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024.
In a new transparency report, Fuzzland revealed that the insider used social engineering tactics, supply chain attacks and advanced persistent threat techniques to steal sensitive data that enabled the attack. The platform said the attacker exploited the vulnerability in UniBTC after it was internally discussed in an emergency response call.
The company added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The access allowed the attacker to receive sensitive information and act on the vulnerability first flagged in a Dedaub report.
Fuzzland claimed that it had detected the vulnerability before the attack. However, it was deprioritized because of false positive noise.
Fuzzland compensates Bedrock for $2 million exploit
The smart contract security platform said it had compensated Bedrock for the damages and launched a joint investigation with security firm ZeroShadow.
The company had also filed reports with Chinese law enforcement and the FBI. It also stated that it is working with Seal 911 and SlowMist to enhance industry-wide security standards.
While there are about $2 million in losses because of the incident, Fuzzland said no client or customer data was affected by the breach. The company said the incident was isolated in a separate internal environment.
Bedrock is a multi-asset liquid restaking protocol offering UniBTC, UniETH and UnilOTX products. These synthetic representations of major blockchain tokens allow users to earn yield through staking.
On Sept. 27, Bedrock confirmed that it had been exploited, which affected its UniBTC product. The attacker drained $2 million in liquidity from its decentralized exchange pools. Despite the hack, Bedrock’s total value locked (TVL) grew from $240 million in September 2024 to $535 million in June 2025, according to DefiLlama.
Related: Hardware wallet Ledger launches offline recovery key for new wallets
Hackers have stolen $2.1 billion in crypto in 2025
The report comes as hackers increasingly shift from smart contract vulnerabilities to social engineering schemes. On June 4, blockchain security firm CertiK reported that over $2.1 billion has been stolen in crypto-related attacks in 2025.
The company said most of the losses came from phishing attacks and wallet compromises. CertiK co-founder Ronghui Gu said the increase in social engineering attacks suggests that hackers are shifting their strategies.
Magazine: Older investors are risking everything for a crypto-funded retirement
