Photo credit: Kanchanara/Unsplash
It seems hackers enjoy stealing money from their victims, as another bad actor has once again struck a DeFi project.
Today’s unfortunate victim is Bedrock, a multi-asset liquid staking protocol, who faced a security exploit involving its uniBTC pool where the hacker drained approximately $2 million.
The cyberattack on the liquid staking protocol was initially noticed by the blockchain security company, Cyvers Alerts, where it first reported that the attacker drained 650 ETH, valued at approximately $1.7 million.
When the blockchain security company first reported on Sept. 26 at 11:18 PM GST, the crypto assets were held in the attacker’s address. The security firm mentioned they tried to contact Bedrock through Telegram but did not receive a response.
Several hours later, on Sept. 27, Bedrock confirmed the attack took place. Additionally, the company mentioned the issue is being “handled” and the funds are SAFU, a crypto lingo which means the assets are safe and insured.
In the announcement, Bedrock states: “We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure. The total estimated impact of the exploit is approximately $2 million (mostly in DEX LPs).”
The liquid staking protocol mentioned the root cause has been identified and they are taking the steps to address it. Furthermore, the project promised a reimbursement plan is being finalized and it will be shared shortly with a post-mortem report.
“Bedrock is collaborating closely with audit teams and white hats to recover the lost funds. A Proof of Reserves will be shared once it is available to ensure transparency.”