In a shocking revelation, Fuzzland has disclosed that a former employee orchestrated a $2 million exploit targeting Bedrock’s UniBTC protocol. Utilizing insider access and malware, the attacker managed to breach the system, leading to substantial financial losses for the company.
According to Fuzzland’s transparency report, the malicious actions occurred in September 2024. The assailant, leveraging social engineering tactics alongside advanced persistent threat techniques, executed a well-planned attack. Details have emerged that the attacker exploited vulnerabilities discussed during an emergency response call, demonstrating the severe impact of internal communications on cybersecurity.
Inserting malicious code into engineering workstations, the ex-employee created backdoors that remained undetected for weeks. This secrecy allowed the hacker to gather sensitive information and take advantage of a previously flagged vulnerability documented in a Dedaub report.
Despite having identified the vulnerability before the exploit, Fuzzland admitted that it was deprioritized due to false positive noise. As a result, they are taking serious measures to rectify the situation. Fuzzland has since compensated Bedrock for the damages and initiated a joint investigation with the security firm, ZeroShadow.
Furthermore, Fuzzland has engaged with law enforcement agencies, including the FBI and Chinese authorities, to bolster security protocols and ensure that the incident does not recur. They are collaborating with industry experts from Seal 911 and SlowMist to enhance security measures across the board.
While the exploit led to a $2 million drain from Bedrock’s decentralized exchange pools, it is noteworthy that, according to Fuzzland, no client or customer data was compromised during the incident. The breach was confined to a separate internal environment, which mitigated broader risks.
After the incident, Bedrock observed a curious increase in its Total Value Locked (TVL), which surged from $240 million in September 2024 to an impressive $535 million by June 2025. This demonstrates resilience in the face of adversity as they continue to offer their multi-asset liquid restaking protocol, which includes innovative products like UniBTC, UniETH, and UnilOTX.
This incident comes amid a surge in cyberattacks within the cryptocurrency domain. Recent findings indicate that hackers have currently stolen over $2.1 billion in crypto in 2025 alone, with a notable shift towards social engineering schemes. The rise of phishing attacks and wallet compromises highlights the evolving strategies employed by malicious actors in an ever-changing cybersecurity landscape.
As security firms like CertiK report increasing losses due to these schemes, the necessity for robust cybersecurity measures is more important than ever. Fuzzland’s case serves as a reminder for companies to prioritize security and continuously adapt to emerging threats.
