TLDR
- Bedrock, a multi-asset liquid staking protocol, suffered a $2M exploit involving uniBTC
- The exploit has been “handled” and remaining assets are safe
- Bedrock is finalizing a reimbursement plan and will share a post-mortem report
- Most losses were in DEX liquidity pools; wrapped BTC and BTC reserves are secure
- Bedrock is the 8th largest liquid staking protocol with over $240M in TVL
On September 27, Bedrock, a multi-asset liquid staking protocol, confirmed it had fallen victim to a security exploit. The incident, which involved uniBTC, a synthetic Bitcoin token used in DeFi, resulted in the loss of approximately $2 million in assets.
Bedrock quickly addressed the situation, assuring users that the root cause had been “handled” and that all remaining funds were safe.
Bedrock, launched in February 2023 by Singapore-based blockchain firm RockX, is designed to attract institutional investors to liquid staking.
⚠️Important Announcement from the Bedrock Team
We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU.
We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are…
— Bedrock | Bitcoin Restaking LIVE (@Bedrock_DeFi) September 27, 2024
The protocol offers products such as uniBTC, uniETH, and uniIOTX, which are synthetic representations of major blockchain tokens allowing users to earn yield through staking.
Prior to the exploit, Bedrock had established itself as the eighth-largest liquid staking protocol in the market, with over $240 million in total value locked (TVL).
The exploit primarily affected decentralized exchange (DEX) liquidity pools. Bedrock was quick to clarify that the underlying wrapped BTC tokens and standard Bitcoin held in reserves remained secure. This information helped to alleviate some concerns about the extent of the breach.
In response to the incident, Bedrock announced that it is finalizing a comprehensive reimbursement plan for affected users.
The protocol also committed to sharing a detailed post-mortem report in the near future, demonstrating a commitment to transparency and learning from the incident.
The Bedrock team used social media to communicate with users and the wider crypto community. In a post on X (formerly Twitter), they acknowledged the exploit and provided initial details about the incident.
This swift communication helped to keep users informed and may have prevented further panic in the aftermath of the exploit.
Liquid restaking protocols like Bedrock have seen significant growth in recent months. The sector now boasts over $11.4 billion in TVL, indicating its increasing popularity among crypto investors.
Bedrock’s position as the eighth-largest protocol in this space underscores its importance in the ecosystem.
The incident at Bedrock occurs against the backdrop of rapid growth in liquid restaking and native restaking protocols.
Since the launch of ETH restaking protocol Eigenlayer in April, these sectors have become some of the largest in the crypto industry. Eigenlayer alone now has more than $12.1 billion in TVL on its mainnet, according to data from DefiLlama.
Bedrock’s approach to the exploit demonstrates the protocol’s focus on security and user trust. By prioritizing strict Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance, Bedrock has positioned itself as a platform suitable for institutional investors with large sums of capital.
Source: https://blockonomi.com/bedrock-protocol-reports-2m-exploit-reimbursement-plan-in-progress/