
Almost a year after an incident that saw a crypto protocol lose around $2 million worth of crypto assets, a crypto-security firm claims that its former employee was responsible for the exploit.
Security solutions provider Fuzzland said that its former employee used insider information to exploit Bedrock's UniBTC protocol in September 2024.
According to the disclosure, the unnamed individual also "deployed advanced persistent threat techniques to steal sensitive information from our systems for over three weeks." The attacker also used information about a vulnerability identified by the external audit firm Dedaub.
Fuzzland claims it has compensated Bedrock's losses and is working on further investigations with security firms and law enforcement. The team also says that its clients’ data hasn't been compromised.
The incident disclosure has also revealed that the attacker combined social engineering, supply chain compromise, and insider threat techniques to exploit the protocol. For example, they demonstrated "legitimate technical skills during interviews" and managed to introduce a trojan into Fuzzland's database, establishing persistent access across engineering workstations.
The team said that while the malware remained undetected by enterprise security solutions (Falcon, AVG), Fuzzland's internal systems flagged the UniBTC contract as vulnerable one day before the attack.
"But due to false positive noise, no immediate action was taken," it admitted, adding that since then, it has implemented new measures to prevent similar attacks.
For example, to prevent the introduction of malicious or vulnerable packages, it has implemented SBOM (Software Bill of Materials) checks across all codebases, and is expanding security coverage "to deep, pre-compile source analysis via CodeQL and CodeRabbit so malicious code is flagged before it ever reaches the build stage."
The team has also admitted that the attack could have been prevented with stricter access controls on sensitive information and on lateral movement, while stricter new hire and employee controls are also being introduced.
Back in September 2024, in its Bedrock vulnerability disclosure, Dedaub said that the root cause of the exploited vulnerability was a mismatched calculation of the exchange rate between ethereum (ETH) and bitcoin (BTC) in one path of the minting logic. This allowed anyone who deposited ETH into the protocol's smart contract vault to indirectly obtain the same amount of BTC.
"Since the price of ethereum is many times lower than the price of BTC, this creates an instant profit for any attacker exploiting any of these vaults," the auditor said.
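To make the root cause described above concrete, the following is an added, constructed model of a two-asset minting vault with the defect the auditor describes (the ETH deposit path skipping the ETH-to-BTC exchange-rate conversion), beside the corrected path and a value-conservation invariant check of the kind an internal scanner or fuzzer could use to flag such a contract. It is example code written for this article, not Bedrock's, UniBTC's or Fuzzland's code; the oracle rate of 0.04 BTC per ETH and the function names are assumptions.

```python
"""Toy model of the rate-mismatch minting defect described in the article.

Constructed example: not the protocol's or the security firm's code. Amounts
are whole units (BTC / ETH) held as Decimal to avoid float rounding.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Vault:
    """State of a BTC-denominated wrapper token backed by BTC and ETH deposits."""
    btc_per_eth: Decimal                  # assumed oracle price: 1 ETH expressed in BTC
    btc_reserve: Decimal = Decimal(0)
    eth_reserve: Decimal = Decimal(0)
    supply: Decimal = Decimal(0)          # wrapper tokens outstanding, denominated in BTC

    def __post_init__(self) -> None:
        # Accept "0.04", 1, etc. from callers and normalise to Decimal
        self.btc_per_eth = Decimal(str(self.btc_per_eth))


def quote_btc(vault: Vault, asset: str, amount: Decimal) -> Decimal:
    """Correct valuation: convert any deposit into its BTC-denominated worth."""
    if asset == "BTC":
        return amount
    if asset == "ETH":
        return amount * vault.btc_per_eth
    raise ValueError(f"unsupported asset {asset}")


def mint_vulnerable(vault: Vault, asset: str, amount) -> Decimal:
    """Mint path with the defect: the ETH branch never applies the exchange rate,
    so depositing 1 ETH mints 1 BTC worth of wrapper tokens."""
    amount = Decimal(str(amount))
    if asset == "BTC":
        vault.btc_reserve += amount
        minted = amount
    elif asset == "ETH":
        vault.eth_reserve += amount
        minted = amount                   # DEFECT: should be quote_btc(vault, "ETH", amount)
    else:
        raise ValueError(f"unsupported asset {asset}")
    vault.supply += minted
    return minted


def mint_fixed(vault: Vault, asset: str, amount) -> Decimal:
    """Corrected path: every deposit is valued through the same quote function."""
    amount = Decimal(str(amount))
    minted = quote_btc(vault, asset, amount)   # validates the asset name too
    if asset == "BTC":
        vault.btc_reserve += amount
    else:
        vault.eth_reserve += amount
    vault.supply += minted
    return minted


def backing_ratio(vault: Vault) -> Decimal:
    """BTC value of reserves divided by tokens outstanding; must never drop below 1."""
    reserves = vault.btc_reserve + vault.eth_reserve * vault.btc_per_eth
    if vault.supply == 0:
        return Decimal(1)
    return reserves / vault.supply


def is_fully_backed(vault: Vault) -> bool:
    """Invariant a monitoring or fuzzing harness would assert after every mint."""
    return backing_ratio(vault) >= 1


def demo() -> dict:
    """Run both paths on the same constructed deposit and report the outcome."""
    rate = "0.04"                         # constructed: 1 ETH worth 0.04 BTC
    bad, good = Vault(btc_per_eth=rate), Vault(btc_per_eth=rate)
    minted_bad = mint_vulnerable(bad, "ETH", 1)
    minted_good = mint_fixed(good, "ETH", 1)
    return {
        "vulnerable_minted": str(minted_bad),
        "vulnerable_backed": is_fully_backed(bad),
        "fixed_minted": str(minted_good),
        "fixed_backed": is_fully_backed(good),
    }


if __name__ == "__main__":
    print(demo())
```

The invariant in `is_fully_backed` is the check worth wiring into a pre-deployment harness or a live monitor: a 1 ETH deposit through the defective path leaves the vault with 1 token outstanding against 0.04 BTC of reserves, so the ratio collapses to 0.04 and the check fails immediately, whereas the corrected path keeps it at exactly 1.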