The crypto liquid restaking protocol Bedrock has been hit hard by a security breach that resulted in the theft of approximately $2 million. The exploit was identified on September 26 by the Web3 security firm Dedaub, which discovered a vulnerability in the smart contract affecting multiple uniBTC vaults. Despite being informed about the issue several hours prior to the attack, Bedrock failed to take appropriate action, ultimately allowing the hacker to exploit the vulnerability. Alarmingly, the hacker had the potential to steal up to $75 million, highlighting the severity of the flaw in the protocol’s security measures.
In response to the incident, Bedrock publicly acknowledged the hack on September 27, outlining its commitment to developing a reimbursement plan to recoup investors’ losses. The team stated that they are collaborating with audit firms and white hat hackers to recover the stolen funds, emphasizing their dedication to restoring trust in the platform. They assured users that existing funds remain secure and that they plan to unpause staking on uniBTC contracts once the vulnerability is addressed.
In a surprising twist, Bedrock attempted to contact the hacker directly via an on-chain message on the Ethereum blockchain, offering them a position as a white hat hacker. The message invited the hacker to help strengthen the security of the very protocol they compromised, along with a reward for the exploit. As of now, the hacker has not responded to this unusual job offer, raising questions about the ethics and effectiveness of such an approach in the crypto space.
This incident at Bedrock is part of a larger trend in the crypto industry, where hacks and exploits have become increasingly common. Similar cases, such as the recent recovery of nearly $5 million by the crypto lender Shezmu through negotiations with a hacker, showcase the complex relationship between security vulnerabilities and the hackers who exploit them. As Bedrock navigates this challenging situation, the protocol’s actions may influence how the broader crypto community addresses security breaches and interacts with those responsible for them.