Fuzzland Reveals Ex-Employee Behind $2M Bedrock UniBTC Exploit
Fuzzland's transparency report reveals a former employee executed a $2 million exploit on Bedrock’s UniBTC protocol in September 2024. The attacker employed social engineering, supply chain attacks, and advanced persistent threat techniques to access sensitive data. A vulnerability discussed during an emergency call was exploited after the ex-employee inserted malicious code into engineering workstations, remaining undetected for weeks. Fuzzland had previously identified the vulnerability but deprioritized it due to false positives. The company compensated Bedrock for the losses and initiated a joint investigation with ZeroShadow, while also reporting to Chinese law enforcement and the FBI. No client data was compromised, as the incident was contained within an internal environment. Despite the exploit, Bedrock's total value locked increased significantly from $240 million in September 2024 to $535 million in June 2025. In 2025, hackers have stolen over $2.1 billion in crypto, with a notable shift towards social engineering attacks.
