Bedrocks Liquid Restaking Protocol Hit by $2M Exploit

• Bedrock lost $2 million in a security exploit involving the synthetic Bitcoin token uniBTC but assured users that remaining funds are secure.
• Most losses occurred in decentralized exchange liquidity pools; Bedrocks reserves of wrapped BTC and standard Bitcoin were not affected.
• Bedrock plans to release a reimbursement plan soon and remains the eighth-largest liquid staking protocol with over $240M in total value locked.

Multi-asset liquid staking protocol Bedrock has confirmed a security exploit that led to the loss of approximately $2 million in funds. The incident, which involved the synthetic Bitcoin token uniBTC, was disclosed by the protocol in a statement on September 27.

Consequently, Bedrock reassured its users that the issue has been addressed and the situation is under control. The protocol has also promised to release a detailed post-mortem report alongside a reimbursement plan.

⚠️Important Announcement from the Bedrock Team

We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU.

We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are…

— Bedrock | Bitcoin Restaking LIVE (@Bedrock_DeFi) September 27, 2024

Immediate Steps Taken to Secure Platform

Notably, Bedrock responded quickly after discovering the exploit, stating that most of the losses occurred in decentralized exchange liquidity pools. The team confirmed that the underlying wrapped BTC tokens and the standard Bitcoin held in reserves were unaffected by the hack. Bedrock emphasized that its team has implemented measures to prevent similar incidents from happening again, although they did not provide specific details.

Additionally, the protocol reassured users that all remaining funds are safe and that it is working on a comprehensive reimbursement plan. The plan is expected to address the losses sustained and will be shared publicly in the near future. This commitment aims to maintain trust among its users and institutional investors, who represent a significant portion of its clientele.

Security Exploit Affects Synthetic Bitcoin Token

Notably, the security breach involved uniBTC, a synthetic Bitcoin token used in decentralized finance (DeFi) on Bedrocks platform. Synthetic tokens like uniBTC allow users to earn yield through staking, making them attractive to both retail and institutional investors.

Bedrock, which launched in February 2023, has positioned itself as a compliant protocol that prioritizes Know Your Customer (KYC) and Anti-Money Laundering (AML) standards. This appeal, particularly for institutional investors, has helped it grow rapidly in the liquid staking sector.

Despite the exploit, Bedrock remains the eighth-largest liquid staking protocol in the market, with over $240 million in total value locked (TVL) on its platform, according to DefiLlama data.

Furthermore, the liquid restaking market itself has expanded significantly, fueled by innovations like EigenLayers ETH restaking protocol. With more than $11.4 billion in TVL across the sector, liquid staking continues to play a crucial role in the broader DeFi ecosystem.

Notably, the incident raises concerns about security within the liquid staking sector, especially as synthetic tokens gain more adoption. Bedrocks quick response and commitment to reimburse users may help mitigate any long-term damage to its reputation.

However, the exploit highlights the risks associated with DeFi protocols, even those that follow strict compliance standards.