Liquid Restaking Protocol Bedrock Loses $2 Million in uniBTC Security Exploit

DeFi Defi Hack Scam
The team behind Bedrock said they are working on a plan to reimburse affected users.
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

Bedrock, a multi-asset liquid staking protocol, has confirmed it suffered a security breach involving its synthetic Bitcoin token, uniBTC.

Hackers exploited a vulnerability in the protocol, resulting in a loss of approximately $2 million in funds.

“We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU,” the project said in a post on X on September 27.

Bedrock to Reimburse Affected Users

The team behind Bedrock stated that they have since addressed the issue and are actively working on a comprehensive plan to reimburse affected users.

They assured the community that all remaining funds on the platform are secure.

“A comprehensive reimbursement plan is being finalized and will be shared shortly together with a post-mortem report,” Bedrock stated in their announcement.

The bulk of the stolen funds were taken from decentralized exchange liquidity pools, but Bedrock emphasized that the underlying wrapped Bitcoin (BTC) tokens and standard BTC held in reserves remain safe.

The company is committed to transparency and is expected to release a detailed post-mortem report soon, outlining the nature of the exploit and the steps being taken to prevent future breaches.

Bedrock, launched in February 2023 by Singapore-based blockchain firm RockX, offers a variety of staking products such as uniBTC, uniETH, and uniIOTX.

These synthetic tokens allow users to earn yield through staking while maintaining exposure to major blockchain assets.

The protocol has been particularly appealing to institutional investors due to its emphasis on strict Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance.

According to data from DefiLlama, Bedrock ranks as the eighth-largest liquid staking protocol in the market, with over $240 million in total value locked (TVL) on its platform.

Liquid restaking has become a significant segment of the crypto industry, with protocols like Eigenlayer leading the charge, boasting over $12.1 billion in TVL on its mainnet.

Hackers Exploit Automated Email Replies to Deploy Mining Malware

In another attempt, Cybersecurity scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

As reported, hackers have been leveraging auto-reply emails from compromised accounts to target organizations in Russia, including companies, marketplaces, and financial institutions.

The attackers aim to install the XMRig miner on victims’ devices, enabling them to mine digital assets covertly.

The malware is distributed through malicious links sent via text messages.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

As reported, August saw a surge in crypto-related scams, with a staggering $310 million lost to various exploits, making it the second-highest monthly total this year.

Phishing incidents emerged as the most damaging, accounting for approximately $293 million of the total losses.

More Articles

Features
Strategic Bitcoin Reserves: Everything You Need to Know
Connor Sephton
Connor Sephton
2025-01-16 11:52:03
Opinions
The Wisdom of Crowds: How Blockchain Could Transform Medical Research
Chris Crecelius
Chris Crecelius
2025-01-16 11:01:42
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors