Liquid Staking Protocol Bedrock Loses $2 Million in uniBTC Security Exploit

Liquid Staking Protocol Bedrock Loses $2 Million in uniBTC Security Exploit

Bedrock, a multi-asset liquid staking protocol, has confirmed it fell victim to a security exploit involving its synthetic Bitcoin token, uniBTC. Hackers took advantage of a vulnerability in the protocol, resulting in an estimated loss of $2 million.

In a post on X dated September 27, the Bedrock team stated, “We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU.”

Plans for User Reimbursement

The Bedrock team has indicated that they are working on a comprehensive plan to reimburse affected users, assuring the community that all remaining funds on the platform are secure. “A comprehensive reimbursement plan is being finalized and will be shared shortly together with a post-mortem report,” they stated.

The majority of the stolen funds were taken from decentralized exchange liquidity pools. However, Bedrock emphasized that the underlying wrapped Bitcoin (BTC) tokens and standard BTC held in reserves remain safe. The company is committed to transparency and is expected to release a detailed post-mortem report soon, explaining the exploit and measures to prevent future incidents.

About Bedrock

Launched in February 2023 by the Singapore-based blockchain firm RockX, Bedrock offers various staking products including uniBTC, uniETH, and uniIOTX. These synthetic tokens allow users to earn yield through staking while retaining exposure to major blockchain assets. Bedrock has become particularly appealing to institutional investors due to its strict Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.

According to data from DefiLlama, Bedrock ranks as the eighth-largest liquid staking protocol, with over $240 million in total value locked on its platform. Liquid restaking has emerged as a significant segment within the crypto industry, with protocols like Eigenlayer leading, boasting over $12.1 billion in total value locked on its mainnet.

Cybersecurity Threats

In related news, cybersecurity scammers are employing automated email replies to compromise systems and deliver stealthy crypto mining malware. Reports indicate that hackers have been using auto-reply emails from compromised accounts to target organizations in Russia, including companies and financial institutions. The attackers aim to install the XMRig miner on victims’ devices to mine digital assets covertly.

This follows the emergence of another malware threat, the “Cthulhu Stealer,” which targets MacOS systems and disguises itself as legitimate software while aiming for personal information such as MetaMask passwords and private keys. August alone saw a significant increase in crypto-related scams, with approximately $310 million lost to various exploits, marking the second-highest monthly total of the year. Phishing incidents accounted for about $293 million of those losses.