Bedrock, a crypto liquid restaking protocol, recently lost $2 million due to a security exploit. On September 26, Web3 security firm Dedaub identified a vulnerability in Bedrock’s uniBTC vaults.
Despite informing Bedrock about the flaw, the protocol did not act in time, leading to the exploit. Dedaub stated, “Unfortunately, even though we found the issue in the smart contract several hours before, by the time the team responded, the vulnerability had been exploited.”
Though the attacker managed to steal $2 million, they could have taken up to $75 million. On September 27, Bedrock acknowledged the breach and reassured users that existing funds were safe.
The protocol is also working on a reimbursement plan for affected investors and collaborating with audit teams to recover the lost funds.
In a unique twist, Bedrock reached out to the hacker through an onchain message on Etherscan, offering them a reward and a position as a white hat hacker to help secure the protocol. However, the hacker has yet to respond.