Live Markets, Charts & Financial News

Crypto staking platform Bedrock exploited via a bug, users can swap 1 ETH for 1 BTC

4

Bedrock staking protocol confirmed that their platform was compromised by a bug involving uniBTC, allowing users to exchange uniBTC for ETH token.

Bedrock announced through an X post on September 27 that they are aware of the security breach and that their team is currently “addressing” the issue.

They also assured users that the remaining funds are safe and that they plan to launch a payment plan in the near future, estimating the total loss at approximately $2 million in digital assets.

However, one of the platform’s users found that the bug allowed them to exchange Bitcoin (BTC) with Ethereum (ETH). This is because the security exploit directly affected the platform’s uniBTC, a synthetic Bitcoin token used in DeFi.

“This functionality is likely leftover from the uniETH implementation,” the user noted.

According to data from crypto.news, Bitcoin is selling for $65,449 per token while Ethereum is at $2,659 at the time of writing.

Bedrock claimed that most of the losses were from decentralized exchange liquidity pools and explained that the encapsulated Bitcoin core tokens and standard Bitcoin held in reserves were safe.

“At this time, there are no additional actions required from our community. Rest assured that all uniBTC held by users is safe,” Bedrock said, adding that the platform will issue a post-mortem report soon.

As of now, the protocol team has identified the root cause of the security exploit and are working closely with their audit teams to recover the lost funds.

Bedrock was launched in February 2023 by Singapore-based RockX. The protocol is designed to make liquid staking attractive to institutional investors by prioritizing compliance with know-your-customer and anti-money laundering regulations.

Bedrock is ranked as the 8th largest liquid storage protocol according to DevillamaWith a total value of more than $240 million locked on its platform.

Comments are closed, but trackbacks and pingbacks are open.