Fuzzland Uncovers Insider Who Raked in $2M Bedrock UniBTC Hack
Fuzzland, a contract analytics firm, has revealed that an insider, a former staff member, hacked into Bedrock’s UniBTC protocol for $2 million last September of 2024.
Insider Used Malware and Social Engineering
In a recent published transparency report, Fuzzland analyzed that the attacker leveraged insider access, social engineering, and malware to take advantage of an internally discussed vulnerability. The report goes on to detail that the former employee utilized advanced persistent threats and supply chain attacks to avoid detection for weeks.
Fuzzland informed how an attacker had put a backdoor of malicious purpose into engineering workstations, giving the attacker access to confidential data. The vulnerability exploited had initially been revealed in a Dedaub security report but was later declassified following being mistakenly flagged as a false positive.
Following the attack, Fuzzland compensated Bedrock for the $2 million loss and opened a collaborative investigation with cybersecurity company ZeroShadow. The company also informed Chinese authorities and the FBI and is now working in partnership with Seal 911 and SlowMist to enhance DeFi security standards.
Fuzzland asserted that no customer or client data were compromised, and the attack only reached a single standalone internal system.
Bedrock Rebounds Despite Exploit
Bedrock, offering synthetic staking products like UniBTC, UniETH, and UnilOTX, confirmed the hack on September 27, 2024. The attacker had drained $2 million worth of liquidity from its decentralized pools.
Despite the hack, Bedrock’s total value locked (TVL) doubled several times—from $240 million in September 2024 to $535 million as of June 2025, according to DeFiLlama.
Crypto Exploits Head Toward Social Engineering
The attack is symptomatic of the larger trend in the crypto universe, as hackers increasingly resort to social engineering instead of outright smart contract exploits.
According to its June 2025 report, CertiK puts the estimate that over $2.1 billion has been stolen in crypto attacks so far this year—largely through phishing and wallet exploits. The trend represents a shift in hacker strategy, according to CertiK co-founder Ronghui Gu, and underscores the need for human-centric security measures.
