Skip to main content
Sign in
uniBTC1 decision on this page

Audit log

Every state-changing event for uniBTC: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 03:28:42Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,638,459
    sig
    2kDdAxnczxm3…6qwDHeUpexplorer ↗
    hash
    Jfvm3mfnou3t…xZwpXhzisha256 → base58
    verifying row…full verify ↗
    canonical bytes (7811 B) ▸
    {"actor":"system:backfill","investigation_id":"23c26d79-a5d9-43f7-900e-e60000503ba6","kind":"publish","page_slug":"unibtc","published_at":"2026-05-28T03:28:42.112Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"uniBTC","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.bedrock.technology/multi-asset-liquid-staking/unibtc/introduction","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/bedrock-unibtc","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x004e9c3ef86bc1ca1f0bb5c7662861ee93350568","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://dedaub.com/blog/bedrock-vulnerability-disclosure-and-actions/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/liquid-restaking-protocol-bedrock-suffers-2-million-exploit","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/hacks/bedrock-vulnerability-allows-hacker-to-drain-usd2m-from-unibtc-liquidity-pools","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit","type":"other","url":""},{"credibility":3,"name":"https://blockapex.io/unibtc-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/bedrock-unibtc-hack-analysis-7808902e5a7c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/fuzzland-ex-employee-bedrock-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/ex-employee-hacks-bedrock-unibtc-for-2m-fuzzland-uncovers-insider-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.bitdegree.org/crypto/news/fuzzland-breach-tied-to-ex-employee-in-2-million-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://news.shib.io/2025/06/26/fuzzland-reveals-insider-behind-2m-unibtc-hack-at-bedrock/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.bedrock.technology/security/audit-reports","type":"other","url":""},{"credibility":3,"name":"https://dedaub.com/blog/bedrock-vulnerability-disclosure-and-actions/","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.fxleaders.com/news/2024/09/29/bedrock-boosts-security-after-2m-exploit-with-chainlink-integration-and-audits/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/Bedrock_DeFi/status/1839712719630676051","type":"other","url":""},{"credibility":3,"name":"https://blockonomi.com/bedrock-protocol-reports-2m-exploit-reimbursement-plan-in-progress/","type":"other","url":""},{"credibility":3,"name":"https://chainlinktoday.com/after-2-million-exploit-bedrock-turns-to-chainlink-proof-of-reserve-for-secure-minting/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/bedrock-chainlink-integration-security/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/bedrock-integrates-chainlink-2-million-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.prnewswire.com/news-releases/bedrock-launches-unibtc-and-brbtc-on-aptos-expanding-the-frontiers-of-btcfi-302546744.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/29852647/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2024/09/27/bedrock-faces-2-million-loss-in-unibtc-security-breach/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/fuzzland-ex-employee-bedrock-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/ex-employee-hacks-bedrock-unibtc-for-2m-fuzzland-uncovers-insider-exploit/","type":"other","url":""}]}],"sources_used":[],"summary":"uniBTC is a synthetic Bitcoin liquid restaking token issued by Bedrock protocol, enabling wBTC holders to earn BTC-native yield via the Babylon staking protocol while retaining liquidity. In September 2024, a critical minting vulnerability in multiple uniBTC vault smart contracts across eight blockchains was exploited for approximately $2 million after a third-party security firm disclosed the flaw hours before the attack. Post-incident forensics by Fuzzland, disclosed in June 2025, attributed the exploit to an insider threat — a former employee who embedded malware into Fuzzland's internal codebase and used privileged access to execute the attack; Bedrock has since integrated Chainlink Proof of Reserve and expanded to multiple new chains.","timeline":[{"date":"2024-06-12","event":"Blocksec conducts initial audit of uniBTC contracts.","source":""},{"date":"2024-09-04","event":"Alleged insider (later identified as a former Fuzzland employee) modifies Cargo.toml to include malicious Rust crate 'rands', embedding malware in Fuzzland workstations.","source":""},{"date":"2024-09-25","event":"Vulnerable uniBTC vault contract deployed approximately 36 hours before the exploit.","source":""},{"date":"2024-09-26","event":"16:00 UTC — Dedaub discovers and confirms the critical infinite-mint vulnerability in uniBTC vault contracts across 8 chains.","source":""},{"date":"2024-09-26","event":"16:27 UTC — Dedaub reports vulnerability to Bedrock via Twitter. 16:41 UTC — SEAL 911 war room created.","source":""},{"date":"2024-09-26","event":"Emergency call held between Fuzzland and relevant parties to discuss the Dedaub-identified vulnerability. Insider with privileged access participates.","source":""},{"date":"2024-09-26","event":"18:28 UTC — First exploit transaction executes on Ethereum. Attacker mints ~30.8 uniBTC, swaps to WBTC via Uniswap, converts to ~680 WETH, nets ~649.6 WETH (~$1.7M) after repaying flash loan.","source":""},{"date":"2024-09-26","event":"Bedrock coordinates with Pendle Finance to disable uniBTC exposure, protecting over $30M in liquidity. Vulnerable vaults paused across 8 chains.","source":""},{"date":"2024-09-27","event":"Bedrock publicly acknowledges exploit. Estimates total losses at approximately $2 million, primarily in DEX liquidity pools. Announces reimbursement plan.","source":""},{"date":"2024-09-27","event":"Stolen funds routed through Tornado Cash mixing service.","source":""},{"date":"2024-09-28","event":"Bedrock publishes post-mortem report via X (@Bedrock_DeFi). Extends job offer to attacker; no response publicly reported.","source":""},{"date":"2024-09-29","event":"Bedrock announces Chainlink Proof of Reserve Secure Mint integration as primary security remediation. PeckShield conducts post-incident audit (completed October 1, 2024). Blocksec conducts second audit (completed October 30, 2024).","source":""},{"date":"2025-02-05","event":"Bedrock contributes approximately 1,000 uniBTC to Berachain's Boyco campaign; Boyco TVL reaches $3 billion.","source":""},{"date":"2025-06-26","event":"Fuzzland publishes transparency report disclosing that a former employee was behind the September 2024 exploit using supply chain malware, social engineering, and privileged access. Fuzzland accepts full responsibility and states all affected parties were reimbursed.","source":""},{"date":"2025-09-04","event":"Bedrock launches uniBTC and brBTC on the Aptos blockchain, reporting nearly $700M in TVL and over 5,000 BTC staked across 15+ chains.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision e0159de9-c0b7-42f9-8879-15361935abfb
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.