Bedrock, a crypto liquid restaking protocol, recently fell victim to a $2 million theft following a security exploit. The vulnerability, discovered in Bedrock’s uniBTC vaults, was identified by Web3 security firm Dedaub on September 26. Despite being notified in time, Bedrock failed to act before the breach occurred. Dedaub stated, “Unfortunately, even though we found the issue in the smart contract several hours before, by the time the team responded, the vulnerability had been exploited.”
Potential Losses of $75 Million Averted
Though the attacker managed to steal $2 million, they had access to as much as $75 million in funds. Fortunately, they did not exploit the full extent of the vulnerability. Bedrock acknowledged the breach on September 27, reassuring users that remaining funds are safe and promising a reimbursement plan for those affected.
Unusual Job Offer to the Attacker
In an unusual move, Bedrock reached out to the hacker through an onchain message on Etherscan. The protocol not only offered the attacker a reward but also a job opportunity as a white hat hacker to help secure Bedrock’s systems. The hacker has not yet responded to the offer, and Bedrock is continuing to work with audit teams to recover the stolen funds.