Fuzzland says ex-employee was behind $2M Bedrock UniBTC exploit

Fuzzland says a former employee used insider access and malware to exploit Bedrock’s UniBTC protocol, resulting in $2 million in losses.

Smart contract analytics platform Fuzzland has disclosed that a former employee was responsible for a $2 million exploit that targeted Bedrock’s UniBTC protocol in September 2024. 

In a new transparency report, Fuzzland revealed that the insider used social engineering tactics, supply chain attacks and advanced persistent threat techniques to steal sensitive data that enabled the attack. The platform said the attacker exploited the vulnerability in UniBTC after it was internally discussed in an emergency response call. 

The company added that its ex-employee inserted a malicious code that created backdoors in engineering workstations and remained undetected for weeks. The access allowed the attacker to receive sensitive information and act on the vulnerability first flagged in a Dedaub report. 

Read more