27 Sep

The crypto liquid restaking protocol Bedrock has suffered a significant setback, losing approximately $2 million in a security exploit. The incident has raised eyebrows, especially after the protocol attempted to recruit the very hacker who exploited its vulnerabilities to enhance its security measures.

The Exploit Unfolds

On September 26, Web3 security firm Dedaub identified a critical smart contract vulnerability within multiple uniBTC vaults associated with Bedrock. Although Dedaub notified the Bedrock team about the issue, the response was insufficient. Dedaub stated, “Unfortunately, even though we found the issue in the smart contract several hours before, by the time the team responded, the vulnerability had been exploited.”

The attacker exploited this weakness, causing a loss of around $2 million, but could potentially have drained up to $75 million from the uniBTC vaults.

Bedrock's Response

On September 27, Bedrock acknowledged the hack and announced plans for a reimbursement strategy aimed at recovering investors’ losses. The team is actively collaborating with audit firms and white-hat hackers to retrieve the lost funds. In a unique approach, Bedrock reached out to the hacker via an on-chain message on the Ethereum blockchain, inviting them to join as a white hat and assist in securing the protocol.

The message read: “We would like to communicate with you, inviting you to become a white hat for the recent incident. Would you be interested in working with us and making the protocol more secure?” In addition, Bedrock offered the hacker a reward for the exploit, although there has been no response from the attacker at the time of writing.

Learning from Other Crypto Recoveries

The incident with Bedrock is reminiscent of a recent successful negotiation by crypto lender Shezmu, which managed to recover nearly $5 million from a hacker after a similar exploit. After confirming that one of its ShezmuUSD (ShezUSD) stablecoin vaults had been compromised, Shezmu proactively reached out to the hacker, offering a 10% bounty for the return of the stolen funds with a promise of no legal repercussions.

The hacker countered this offer by demanding a 20% bounty, which Shezmu ultimately accepted. Following negotiations, Shezmu received various refunds, including 282.18 Ether (ETH) and another 137 Wrapped Ether (WETH), demonstrating that on-chain communication can lead to successful recoveries in certain cases.

Conclusion

The security exploit at Bedrock highlights ongoing vulnerabilities within the crypto space and the importance of proactive security measures. While the protocol's attempt to recruit the hacker as a white hat is unconventional, it underscores a growing trend of negotiation for fund recovery in the crypto world. As Bedrock works to address the vulnerabilities and ensure the safety of remaining funds, the incident serves as a reminder of the critical need for robust security in the evolving landscape of decentralized finance (DeFi).

September 2024, Cryptoniteuae
