• The Informer Post
  • Posts
  • Hackers Plunder $2,000,000 Worth of Crypto From Liquid Restaking Protocol Bedrock

Hackers Plunder $2,000,000 Worth of Crypto From Liquid Restaking Protocol Bedrock

A liquid staking protocol says that bad actors made away with millions of dollars worth of crypto assets after hacking into the decentralized finance (DeFi) platform.

In a new announcement on the social media platform X, Bitcoin (BTC) restaking project Bedrock says that they’ve been exploited for $2 million but assures customers that they’ve identified the root of the issue and their assets are safe.

“We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU. We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure.

The total estimated impact of the exploit is approximately $2 million (mostly in decentralized exchange liquidity protocols). The root cause has been identified and we are taking steps to address it.”

According to Bedrock’s post-mortem incident report, the hackers were able to exploit a vulnerability in their smart contract protocol, allowing them to mint uniBTC, a synthetic version of Bitcoin, and swap it for Wrapped Bitcoin (wBTC) in the liquidity pools of decentralized exchange (DEX) platform Uniswap (UNI).

“In response, we paused the vulnerable contract and implemented a fix to mitigate the vulnerability, which was later confirmed to have affected approximately $2 million in liquidity, primarily within the Uniswap pool.

The vulnerable contract was deployed across eight different chains: Ethereum, BNBChain, Arbitrum, Optimism, Mantle, Mode, BOB, and ZetaChain. A total of 125 exploiters are identified.”

According to data from blockchain security firm Cyvers, the bad actor’s wallet – which had collected funds from the crypto mixer Tornado Cash – has hundreds of Ethereum (ETH) sitting in it.

“The suspicious address funded funds by Tornado Cash, and it appears the uniBTC pool has been drained of $1.7 million. Currently, 650 ETH (worth $1.7 million) is sitting at the attacker’s address.”

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney