Michaela
Web3 security firm Fuzzland has confirmed that a former employee leveraged insider access and deployed malware to exploit Bedrock’s UniBTC protocol, leading to $2 million in losses. The company emphasized that no customer data was compromised in the breach.
In an official X post, Fuzzland disclosed details concerning a security incident that occurred in September 2024. “A former Fuzzland employee used insider access and deployed advanced persistent threat techniques to steal sensitive information from our systems for over three weeks,” Fuzzland wrote. “The exploit was enabled by a combination of a breach of TLP:RED protocols by someone who accessed intelligence about a vulnerability identified in a Dedaub report,” they added.
Fuzzland stated that the vulnerability had been identified prior to the exploit, but was ultimately overlooked after being flagged as a likely false positive amid other routine alerts.
Fuzzland said it has reimbursed Bedrock for the $2 million lost in the UniBTC exploit and confirmed it is “working closely with leading security firm and law enforcement” as part of the ongoing investigation.
The smart contract security platform also emphasized that no customer data was exposed, citing its use of separate infrastructure and internal teams. Sensitive information, it noted, is kept “like private keys in TEE.”
Related: Smart Contracts Are Powering a New Wave of Finance: Here’s How
On September 27 last year, Bedrock confirmed that it had been exploited which affected its UniBTC product.
The incident spotlights the growing complexity of internal threats in the Web3 security landscape, where even trusted access can become a point of vulnerability. As protocols like Bedrock continue to expand their role in decentralized finance, the need for continuous monitoring, compartmentalized systems, and rapid response mechanisms has never been more critical.
Fuzzland’s swift public acknowledgment, coupled with its collaboration with law enforcement and external security experts, reflects an industry increasingly aware of its accountability—not just to code, but to community trust.
Related: Chrome Extension Injects Hidden Fees Into Solana Swaps: New Report
While the broader ecosystem continues to wrestle with evolving attack vectors, the episode serves as a reminder: in decentralized finance (DeFi), transparency and resilience must advance as fast as innovation.
Read More
- Trezor Warns Users After Phishing Emails Exploit Support System
- Federal Reserve Scraps Reputational Risk Rule, Opening Doors for Crypto Banks
- ZachXBT Uncovers $4M Coinbase Scam That Left Victims Wallets Empty
MICHAELA
Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.
