Hacker behind $2M crypto heist receives job offer from victim protocol
Crypto liquid restaking protocol Bedrock lost roughly $2 million in a security exploit. In return, the attacker was offered the job of securing the very protocol it stole from.
On Sept. 26, Web3 security firm Dedaub discovered a smart contract vulnerability in multiple uniBTC vaults of Bedrock. According to Dedaub, the bug was disclosed to Bedrock but no action was taken in response to the threat. The security firm added:
“Unfortunately, even though we found the issue in the smart contract several hours before, by the time the team responded, the vulnerability had been exploited.”
The vulnerability was exploited for approximately $2 million loss. However, the attacker had the opportunity to steal up to $75 million from the uniBTC vaults.
Source: Bedrock
On Sept. 27, Bedrock acknowledged the hack and said the protocol is developing a reimbursement plan to recoup investors’ losses. Additionally, Bedrock revealed working “with audit teams and white hats to recover the lost funds.”
Trying a new approach to funds recovery
Moreover, Bedrock also tried to contact the hacker through an onchain message found on the Ethereum blockchain analytics platform, Etherscan.
Bedrock offers a white hat job to the hacker. Source: Etherscan
Bedrock asked the hacker:
“We would like to communicate with you inviting you to become a white hat for the recent incidence. Would you be interested in working with us and making the protocol more secure?”
The hacker was also offered a reward for the $2 million uniBTC vault exploit. However, the hacker had not responded to the message at the time of this writing.
The Bedrock team assured users that the existing funds were safe and committed to unpause staking on uniBTC contracts once the vulnerability was neutralized.
Related: Coinbase-backed Truflation confirms hack, losses estimated to be $5M
Crypto lender Shezmu recently recovered nearly $5 million from a hacker after a successful onchain negotiation.
Negotiating back stolen funds
After confirming that one of its ShezmuUSD (ShezUSD) stablecoin vaults was exploited, Shezmu proactively urged the hacker to return the funds in exchange for a 10% bounty reward with no legal repercussions.
Source: Shezmu
However, the hacker responded to the request by demanding a 20% bounty reward instead of the initial 10% offer, which Shezmu agreed to.
Shezmu’s team negotiates the return of stolen funds with the hacker. Source: Etherscan
After the blockchain discussion, Shezmu began receiving the stolen Dai ( DAI ) tokens in its wallet. The hacker initially returned 282.18 Ether ( ETH ) to the protocol and followed it up with another refund of 137 Wrapped Ether (WETH).
Magazine: Worldcoin fined again! Crypto store clerk runs off with $500K cash: Asia Express
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
NFT promoters face fraud charges over alleged $22M rug pull
Bridging RWAs to DeFi: Blockchain project expands services with major relaunch
USDX built to support DeFi ecosystem growth: Hex Trust CEO
Australia’s ‘Barefoot Investor’ takes on crypto scammers stealing his likeness