Cryptocurrency securitization protocol Bedrock lost approximately $2 million due to a security exploit. In return, the attackers were offered the task of protecting the very protocols they had stolen.
On September 26, Web3 security company Dedaub discovered smart contract vulnerabilities in several of Bedrock’s uniBTC vaults. According to Dedaub, the bug was disclosed to Bedrock, but no action was taken in response to the threat. The security company added:
“Unfortunately, we discovered an issue in our smart contract a few hours ago, but by the time the team could respond, the vulnerability had been exploited.”
This vulnerability caused approximately $2 million in damage. However, attackers had the opportunity to steal up to $75 million from uniBTC vaults.
source: radical
On September 27, Bedrock acknowledged the hack and said the protocol was developing a repayment plan to compensate investors for their losses. Bedrock also said it was “working with our audit team and white hats to recover lost funds.”
Trying a new approach to recovering funds
Bedrock also attempted to contact the hacker through on-chain messages discovered on Etherscan, an Ethereum blockchain analytics platform.
Bedrock offers hackers white hat jobs. Source: Etherscan
Bedrock asked the hacker:
“I would like to connect with you and ask you to be a white hat on recent events. Are you interested in working with us to make the protocol more secure?”
Hackers were also offered a $2 million reward for exploiting the uniBTC vault. However, as of this writing, the hacker has not responded to the message.
The Bedrock team assured users that their existing funds are safe and that they will pause staking on the uniBTC contract once the vulnerability is neutralized.
relevant: Coinbase-backed Truflation confirmed hacked, losses estimated at $5 million
Cryptocurrency lender Shezmu recently recovered approximately $5 million from hackers through a successful on-chain negotiation.
Negotiate recovery of stolen funds
After confirming that one of the ShezmuUSD (ShezUSD) stablecoin vaults was exploited, Shezmu actively urged hackers to return their funds in exchange for a 10% bounty reward without legal repercussions.
source: Shezma
However, the hacker responded to the request by demanding a 20% bounty compensation instead of the initial 10% offer that Shezmu agreed to.
Shezmu’s team negotiates with the hackers the return of stolen funds. Source: Etherscan
After the blockchain discussion, Shezmu started receiving stolen Dai (DAI) tokens into his wallet. The hacker initially returned 282.18 Ether (ETH) to the protocol and then refunded 137 Wrapped Ether (WETH) back.
magazine: WorldCoin has been fined again! Crypto Store Clerk Runs Off With $500,000 in Cash: Asia Express