Verify a decision

{"actor":"system:backfill","investigation_id":"23c26d79-a5d9-43f7-900e-e60000503ba6","kind":"publish","page_slug":"unibtc","published_at":"2026-05-28T03:28:42.112Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"uniBTC","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.bedrock.technology/multi-asset-liquid-staking/unibtc/introduction","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/bedrock-unibtc","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x004e9c3ef86bc1ca1f0bb5c7662861ee93350568","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://dedaub.com/blog/bedrock-vulnerability-disclosure-and-actions/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/liquid-restaking-protocol-bedrock-suffers-2-million-exploit","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/hacks/bedrock-vulnerability-allows-hacker-to-drain-usd2m-from-unibtc-liquidity-pools","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit","type":"other","url":""},{"credibility":3,"name":"https://blockapex.io/unibtc-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/bedrock-unibtc-hack-analysis-7808902e5a7c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/fuzzland-ex-employee-bedrock-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/ex-employee-hacks-bedrock-unibtc-for-2m-fuzzland-uncovers-insider-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.bitdegree.org/crypto/news/fuzzland-breach-tied-to-ex-employee-in-2-million-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://news.shib.io/2025/06/26/fuzzland-reveals-insider-behind-2m-unibtc-hack-at-bedrock/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.bedrock.technology/security/audit-reports","type":"other","url":""},{"credibility":3,"name":"https://dedaub.com/blog/bedrock-vulnerability-disclosure-and-actions/","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/bedrock-2million-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.fxleaders.com/news/2024/09/29/bedrock-boosts-security-after-2m-exploit-with-chainlink-integration-and-audits/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/Bedrock_DeFi/status/1839712719630676051","type":"other","url":""},{"credibility":3,"name":"https://blockonomi.com/bedrock-protocol-reports-2m-exploit-reimbursement-plan-in-progress/","type":"other","url":""},{"credibility":3,"name":"https://chainlinktoday.com/after-2-million-exploit-bedrock-turns-to-chainlink-proof-of-reserve-for-secure-minting/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/bedrock-chainlink-integration-security/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/bedrock-integrates-chainlink-2-million-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.prnewswire.com/news-releases/bedrock-launches-unibtc-and-brbtc-on-aptos-expanding-the-frontiers-of-btcfi-302546744.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.net/news/security/29852647/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2024/09/27/bedrock-faces-2-million-loss-in-unibtc-security-breach/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/fuzzland-ex-employee-bedrock-unibtc-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/ex-employee-hacks-bedrock-unibtc-for-2m-fuzzland-uncovers-insider-exploit/","type":"other","url":""}]}],"sources_used":[],"summary":"uniBTC is a synthetic Bitcoin liquid restaking token issued by Bedrock protocol, enabling wBTC holders to earn BTC-native yield via the Babylon staking protocol while retaining liquidity. In September 2024, a critical minting vulnerability in multiple uniBTC vault smart contracts across eight blockchains was exploited for approximately $2 million after a third-party security firm disclosed the flaw hours before the attack. Post-incident forensics by Fuzzland, disclosed in June 2025, attributed the exploit to an insider threat — a former employee who embedded malware into Fuzzland's internal codebase and used privileged access to execute the attack; Bedrock has since integrated Chainlink Proof of Reserve and expanded to multiple new chains.","timeline":[{"date":"2024-06-12","event":"Blocksec conducts initial audit of uniBTC contracts.","source":""},{"date":"2024-09-04","event":"Alleged insider (later identified as a former Fuzzland employee) modifies Cargo.toml to include malicious Rust crate 'rands', embedding malware in Fuzzland workstations.","source":""},{"date":"2024-09-25","event":"Vulnerable uniBTC vault contract deployed approximately 36 hours before the exploit.","source":""},{"date":"2024-09-26","event":"16:00 UTC — Dedaub discovers and confirms the critical infinite-mint vulnerability in uniBTC vault contracts across 8 chains.","source":""},{"date":"2024-09-26","event":"16:27 UTC — Dedaub reports vulnerability to Bedrock via Twitter. 16:41 UTC — SEAL 911 war room created.","source":""},{"date":"2024-09-26","event":"Emergency call held between Fuzzland and relevant parties to discuss the Dedaub-identified vulnerability. Insider with privileged access participates.","source":""},{"date":"2024-09-26","event":"18:28 UTC — First exploit transaction executes on Ethereum. Attacker mints ~30.8 uniBTC, swaps to WBTC via Uniswap, converts to ~680 WETH, nets ~649.6 WETH (~$1.7M) after repaying flash loan.","source":""},{"date":"2024-09-26","event":"Bedrock coordinates with Pendle Finance to disable uniBTC exposure, protecting over $30M in liquidity. Vulnerable vaults paused across 8 chains.","source":""},{"date":"2024-09-27","event":"Bedrock publicly acknowledges exploit. Estimates total losses at approximately $2 million, primarily in DEX liquidity pools. Announces reimbursement plan.","source":""},{"date":"2024-09-27","event":"Stolen funds routed through Tornado Cash mixing service.","source":""},{"date":"2024-09-28","event":"Bedrock publishes post-mortem report via X (@Bedrock_DeFi). Extends job offer to attacker; no response publicly reported.","source":""},{"date":"2024-09-29","event":"Bedrock announces Chainlink Proof of Reserve Secure Mint integration as primary security remediation. PeckShield conducts post-incident audit (completed October 1, 2024). Blocksec conducts second audit (completed October 30, 2024).","source":""},{"date":"2025-02-05","event":"Bedrock contributes approximately 1,000 uniBTC to Berachain's Boyco campaign; Boyco TVL reaches $3 billion.","source":""},{"date":"2025-06-26","event":"Fuzzland publishes transparency report disclosing that a former employee was behind the September 2024 exploit using supply chain malware, social engineering, and privileged access. Fuzzland accepts full responsibility and states all affected parties were reimbursed.","source":""},{"date":"2025-09-04","event":"Bedrock launches uniBTC and brBTC on the Aptos blockchain, reporting nearly $700M in TVL and over 5,000 BTC staked across 15+ chains.","source":""}]},"v":1}