$2 million lost in Bedrock security exploit


Introduction

Another crypto platform has been breached. Although the amount lost is not astronomical, it still shows the ever-present danger inherent in most blockchain projects. Criminals are ready to pounce on any weakness in smart contract code to exploit a network and steal user funds. Bedrock is the platform that was breached. Its security team is now working round the clock to secure the network and prevent more losses.

Before I go into the details of how the exploit happened, here is some background on what Bedrock is all about.

Assets liquid restaking

Bedrock is a crypto staking platform that helps solve the problem of traditional staking. Normally when crypto assets are staked, they are locked up for the period of staking, making them unavailable for trading or other transactions. But Bedrock and other liquid staking platforms make the staked assets useful in another form by allowing pair tokens derived from the staked ones to be used in other transactions. For example, the derived tokens could be used as collateral to obtain crypto loans elsewhere.

Bedrock allows the liquid staking of BTC, ETH and other crypto assets. Their derivatives can be restaked on a blockchain different from the one where the main asset was staked. Users could, for example, stake BTC and then use the derivative uniBTC for other transactions within the protocol.

Discovering the breach and moving forward

The Bedrock team announced on 27th September 2024 that their protocol had been compromised. They explained that the source of the breach had been identified and that the team was working to restore the platform to its most secure state. Below is the official announcement from Bedrock's X account:

We want to inform you that the Bedrock team is aware of a security exploit involving uniBTC. The issue has been handled and funds are SAFU. We want to reassure everyone that the underlying wrapped BTCs and BTCs in reserves are secure. The total estimated impact of the exploit is approximately $2 million (mostly in DEX LPs). The root cause has been identified and we are taking steps to address it. source

To help the team work out a solution, Bedrock has disabled some of the affected restaking engines. It also advises users to stop making any new stakes until the vulnerabilities in the code have been fixed. The protocol also instructed users to immediately revoke approvals already granted in Bedrock staking. Users could use this tool to do that quickly. The aim is to prevent further losses from the exploit.

Until it was discovered, the breach allowed 1 BTC to be swapped for 1 ETH on the protocol, allowing the exploiters to carry off a significant amount of BTC value from the unbalanced swaps. The team has already determined that the loss is not too massive, as the security exploit was discovered early.
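An added example, not Bedrock's code or part of the original post: a monitoring check that values both sides of each swap at a reference price and flags trades like the 1:1 BTC/ETH swap described above. The prices, record fields and transaction ids are constructed for illustration.

```python
from decimal import Decimal

# Constructed reference prices in USD (illustrative, not market data).
REF_PRICE_USD = {"BTC": Decimal("60000"), "ETH": Decimal("2500")}
# Decimals of the smallest unit: 8 for BTC-style tokens, 18 for ETH.
DECIMALS = {"BTC": 8, "ETH": 18}

def usd_value(asset, raw_amount):
    """Value of a raw integer amount (smallest units) at the reference price."""
    return Decimal(raw_amount) / (Decimal(10) ** DECIMALS[asset]) * REF_PRICE_USD[asset]

def check_swap(swap, tolerance=Decimal("0.02")):
    """Return (ok, deviation) with deviation = |value_out - value_in| / value_in."""
    v_in = usd_value(swap["asset_in"], swap["amount_in"])
    v_out = usd_value(swap["asset_out"], swap["amount_out"])
    if v_in == 0:
        # Paying nothing is balanced only if nothing comes out.
        return v_out == 0, None
    deviation = abs(v_out - v_in) / v_in
    return deviation <= tolerance, deviation

def flag_unbalanced(swaps, tolerance=Decimal("0.02")):
    """Ids of swaps whose output value strays from the input value beyond tolerance."""
    return [s["id"] for s in swaps if not check_swap(s, tolerance)[0]]

# Constructed sample records (hypothetical field names and ids).
SAMPLE_SWAPS = [
    # Fair trade: 1 ETH in, about 1/24 BTC out (2500 / 60000).
    {"id": "tx-a", "asset_in": "ETH", "amount_in": 10**18,
     "asset_out": "BTC", "amount_out": 4_166_666},
    # The unbalanced case from the post: one ETH exchanged 1:1 for one BTC.
    {"id": "tx-b", "asset_in": "ETH", "amount_in": 10**18,
     "asset_out": "BTC", "amount_out": 10**8},
    # 1% below fair value: ordinary slippage, inside the 2% tolerance.
    {"id": "tx-c", "asset_in": "ETH", "amount_in": 10**18,
     "asset_out": "BTC", "amount_out": 4_125_000},
    # Zero input that still pays out: always flagged.
    {"id": "tx-d", "asset_in": "ETH", "amount_in": 0,
     "asset_out": "BTC", "amount_out": 1},
]

if __name__ == "__main__":
    print(flag_unbalanced(SAMPLE_SWAPS))
```

A check like this belongs both in off-chain monitoring and, as an equivalent price-sanity guard, in the contract path that sets the exchange rate.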

Bedrock assures users that all the remaining funds have been secured and there is nothing to worry about. Moving forward, the team announced that everyone should await more updates as the security analysts complete the remaining mop-up activities. Meanwhile, the protocol has offered to cover all the losses, so users need not worry about their stolen assets. The team promised that the refund process will be transparent and that everyone involved will be covered.

With more breaches, be investment smart

It happens almost every day: security breaches in one crypto platform or another. Blockchain technology is still far from perfect. Intruders continue to look for weak points to exploit, and unfortunately they are finding many. This reality highlights the inherent dangers associated with crypto investments, especially in the DeFi environment. So everyone should take security as a personal responsibility. The following are two often repeated tips to keep your crypto funds and investments safe:

  • Invest only what you can lose: It would certainly be foolish to take crypto so seriously that life savings or inheritances are poured into it as investment. Those that did lived to regret it and sometimes never recovered the losses. So it's best to invest only a significant amount and have some to back up in case of losses. This tip is especially relevant when one is dealing with new projects whose track record is still unproven. They fall most easily to security exploits and the chances of loss are often high.

  • Spread your net: Yes, everything should not be poured into the same bowl. That will simply look like all eggs in one basket. It is highly risky to do so. If something like a security breach happens, then everything might get lost in the blink of an eye. Basically, do not let all the assets sit in one wallet or be invested in the same DeFi protocol or CEX. When assets are stored in various protocols, it raises the chances of survival since not all of them would be exploited at once.

  • The Exploit Announcement

  • Explore Bedrock


Note: Thumbnail is mine
