Fuzzland’s Transparency Report: Inside Job Behind $2 Million Exploit
Smart contract analytics platform Fuzzland has revealed that a former employee was behind a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024.
Details of the Exploit
In a newly released transparency report, Fuzzland disclosed that the insider leveraged social engineering tactics, supply chain attacks, and advanced persistent threat techniques to obtain sensitive data, enabling the attack. The attacker exploited a UniBTC vulnerability that had been discussed internally during an emergency response call.
The company further explained that the ex-employee had inserted malicious code to create backdoors in engineering workstations, which remained undetected for weeks. This access allowed the attacker to intercept sensitive information and exploit the vulnerability first highlighted in a Dedaub report.
Fuzzland admitted that although they had detected the vulnerability prior to the attack, it was deprioritized due to false positive noise.
Compensation and Investigation Efforts
Compensation to Bedrock
The smart contract security platform has compensated Bedrock for the damages incurred and initiated a joint investigation with security firm ZeroShadow.
Collaboration with Authorities and Security Firms
Fuzzland has filed reports with Chinese law enforcement and the FBI. Additionally, they are collaborating with Seal 911 and SlowMist to improve industry-wide security standards.
Despite the $2 million loss due to the incident, Fuzzland confirmed that no client or customer data was compromised, as the breach was confined to a separate internal environment.
Impact on Bedrock
Bedrock, a multi-asset liquid restaking protocol that offers products like UniBTC, UniETH, and UniIOTX, confirmed the exploitation of its UniBTC product on September 27. The attacker siphoned $2 million in liquidity from its decentralized exchange pools. However, Bedrock’s total value locked (TVL) increased from $240 million in September 2024 to $535 million by June 2025, according to DefiLlama.
Rising Trend in Crypto Attacks
This report comes amid a growing trend of hackers shifting focus from smart contract vulnerabilities to social engineering schemes. On June 4, blockchain security firm CertiK reported that more than $2.1 billion has been stolen in crypto-related attacks in 2025.
Most of these losses stem from phishing attacks and wallet compromises. CertiK co-founder Ronghui Gu indicated that the uptick in social engineering attacks signifies a change in hackers’ strategies.