Ex-Fuzzland Staff Member Responsible for $2M Bedrock UniBTC Exploit Smart contract analysis platform Fuzzland has uncovered that a former staff member was behind a $2 million exploit on Bedrock’s UniBTC protocol in September 2024. In a transparency report , the attacker abused insider information, malware, and advanced persistent threat (APT) tactics to bypass sensitive internal systems and information. Malware and Social Engineering Facilitated Attack Fuzzland reported that the hacker employed social engineering, supply chain compromise, and malware to infiltrate its systems. The UniBTC vulnerability was first identified internally during an emergency call and then exploited. The attacker had installed backdoors on engineering workstations that granted long-term undiscovered access. It enabled them to access a vulnerability first unveiled in a report from security firm Dedaub. Even though the flaw was detected before, Fuzzland admitted that it was receiving lesser priority since it was producing so many false positive alerts. Compensation and Ongoing Investigations Fuzzland guaranteed that it had completely compensated Bedrock for losing $2 million and is working together with ZeroShadow in pursuing the breach. Reports have also been lodged with the FBI and Chinese government. In response to the exploit, Fuzzland teamed up with cybersecurity firms Seal 911 and SlowMist to heighten security levels across the DeFi ecosystem. The company emphasized that no customer or client data was hacked and that the attack was isolated in an alternate internal environment. Bedrock Recovers Despite the Attack Bedrock, a liquid restaking protocol that offers synthetic assets like UniBTC, UniETH, and UniIOTX, confirmed the exploit on Sept. 27, 2024. Despite losing $2 million on its decentralized exchange pools, the protocol’s total value locked (TVL) went up from $240 million in September 2024 to $535 million as of June 2025, according to DefiLlama. Rising Social Engineering Attacks Fuzzland’s reveal follows wider trends within the crypto security sector. Blockchain security company CertiK said that $2.1 billion has so far been lost to crypto attacks in 2025, with an increasing proportion attributed to phishing and wallet exploits. CertiK co-founder Ronghui Gu said that attackers are increasingly moving away from smart contract bugs towards human-focused attacks, including social engineering and insider manipulation.
