- Bedrock lost $2 million due to a smart contract vulnerability in uniBTC vaults but avoided a potential $75 million theft.
- Bedrock reached out to the hacker, offering a white hat job to secure the protocol and recover stolen funds.
- The protocol is working with security teams to reimburse affected users and fix vulnerabilities in the system.
Bedrock, a cryptocurrency liquid restaking protocol, experienced a significant security breach, losing approximately $2 million after an attacker exploited a smart contract vulnerability in its uniBTC vaults. Discovered by Web3 security firm Dedaub on Sept. 26, the vulnerability had the potential for a much larger heist of up to $75 million.
Despite being alerted to the issue, Bedrock failed to act quickly, allowing the exploit to occur. The team acknowledged the breach the next day, stating they are now working with audit teams and white-hat hackers to recover the lost funds and ensure future security. Bedrock also assured users that all remaining funds were secure and that the staking process would resume once the vulnerability was addressed.
Bedrock Offers Hacker White Hat Role
In a unique move to recover the stolen assets, Bedrock reached out directly to the hacker via an on-chain message on Ethereum’s blockchain. They proposed that the attacker become a “white hat”—a role dedicated to improving Bedrock’s security. The team also offered the hacker a reward for their skills in discovering the vulnerability, though no response had been received as of this writing.
Successful Negotiation in Similar Crypto Hacks
Bedrock’s approach follows a trend seen in other crypto hacks. Recently, Shezmu, a crypto lender, recovered nearly $5 million from a hacker after negotiating on-chain. Shezmu offered the attacker a 10% bounty to return the stolen funds, which the hacker countered with a demand for a 20% reward. Ultimately, Shezmu agreed, and the hacker returned the stolen tokens.
