Liquid Restaking Protocol Bedrock Faces a $2 Million Exploit

Highlights:

• Bedrock’s recent cyberattack resulted in nearly $2 million in losses.
• The team is implementing a reimbursement plan for affected users.
• This incident raises significant concerns about security in the crypto market.

The Ethereum-based liquid restaking platform Bedrock faced a cyberattack, leading to a nearly $2 million loss. In a Sept. 27 X post, the protocol confirmed that the exploit targeted its uniBTC, a synthetic Bitcoin token employed in DeFi. Bedrock stated they are working to resolve the issue. 

Advertisement

Most losses occurred in decentralized exchange liquidity pools, but Bedrock emphasized that the underlying wrapped Bitcoin (BTC) tokens are secure. This has sparked debate about crypto market security, particularly regarding fund protection.

Bedrock Assures Control Over the Situation and Plans Reimbursement for Affected Users

The team noted that the situation is now under control and that they are taking measures to address the underlying issues that caused the exploit.

Bedrock stated:

“The root cause has been identified and we are taking steps to address it. A comprehensive reimbursement plan is being finalized and will be shared shortly together with a post-mortem report.”

The team is considering airdropping new tokens to affected users. If approved, the platform will capture a snapshot of user balances to distribute the tokens fairly and ensure that all attack victims receive reimbursement.

⚠️Important Announcement from the Bedrock Team

We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU.

We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are…

— Bedrock | Bitcoin Restaking LIVE (@Bedrock_DeFi) September 27, 2024

Bedrock Hack Strikes Days After uniBTC Milestone Celebration

The hack occurred just 48 hours after Bedrock celebrated a milestone: uniBTC’s total value locked (TVL) reached 1,332.52 BTC across 11 blockchains on September 25. In a post on X, the protocol announced that Ethereum (ETH) emerged as the top choice for users, while BNB Chain and Merlin Chain, a layer-2 scaling solution on the Bitcoin network, ranked as the second and third most popular chains for uniBTC staking.

🚀 uniBTC TVL Soars: 1,332.52 BTC locked across 11 chains, with nearly 70K holders joining our community!

🫡 Top 5 Chains: Ethereum leads the charge, with @BNBCHAIN securing that sweet 2nd place. @MerlinLayer2 @Optimism @BSquaredNetwork are in a tight race for the next spots.… pic.twitter.com/QwLwSbmLKL

— Bedrock | Bitcoin Restaking LIVE (@Bedrock_DeFi) September 25, 2024

Launched in February 2023 by Singapore-based RockX, Bedrock targets institutional investors with products like uniBTC, uniETH, and uniIOTX, offering yield through staking. Currently, Bedrock ranks as the eighth largest liquid staking protocol, with a total value locked (TVL) exceeding $240 million.

Liquid staking has grown significantly, with the sector now holding over $11.4 billion in TVL. As the crypto market expands, platforms like Bedrock must prioritize the security of investors’ assets.

Cybercriminals Recently Target Various Crypto Platforms

Bedrock is not the only protocol recently targeted by cybercriminals. This month, several platforms have faced similar attacks. Truflation, a notable DeFi platform, was targeted in a sophisticated attack on September 25. An attacker compromised their safe address, losing 56,872,500 TRUF tokens valued at $4.6 million.

Truflation disclosed that malware was involved in the breach, and the team is working with law enforcement to recover the stolen assets. Staking was paused that day, and liquidity on decentralized exchanges remains limited.

Last week, BingX, a leading Singapore-based crypto trading platform, suffered a $45 million breach on its hot wallet. In response, BingX temporarily suspended all withdrawals to prevent further attacks. On September 11, cybercriminals also targeted Indodax, a prominent Indonesian crypto exchange, stealing around $22 million in digital assets from users. The crypto community is experiencing increased security concerns as hackers exploit vulnerabilities throughout the ecosystem.

Advertisement