Photo credit: Kanchanara/Unsplash

It seems hackers enjoy stealing money from their victims, as another bad actor has once again struck a DeFi project. 

Today’s unfortunate victim is Bedrock, a multi-asset liquid staking protocol, who faced a security exploit involving its uniBTC pool where the hacker drained approximately $2 million. 

The cyberattack on the liquid staking protocol was initially noticed by the blockchain security company, Cyvers Alerts, where it first reported that the attacker drained 650 ETH, valued at approximately $1.7 million. 

When the blockchain security company first reported on Sept. 26 at 11:18 PM GST, the crypto assets were held in the attacker’s address. The security firm mentioned they tried to contact Bedrock through Telegram but did not receive a response. 

Several hours later, on Sept. 27, Bedrock confirmed the attack took place. Additionally, the company mentioned the issue is being “handled” and the funds are SAFU, a crypto lingo which means the assets are safe and insured. 

In the announcement, Bedrock states: “We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure. The total estimated impact of the exploit is approximately $2 million (mostly in DEX LPs).”

The liquid staking protocol mentioned the root cause has been identified and they are taking the steps to address it. Furthermore, the project promised a reimbursement plan is being finalized and it will be shared shortly with a post-mortem report. 

“Bedrock is collaborating closely with audit teams and white hats to recover the lost funds. A Proof of Reserves will be shared once it is available to ensure transparency.”