The hacker behind the $2M crypto heist receives a job offer from the victim’s protocol

Crypto liquid restaking protocol Bedrock has lost nearly $2 million in security exploits. In return, the attacker was tasked with securing the stolen protocol.

On September 26, Web3 security firm DeDab discovered a smart contract vulnerability in several UniBTC bedrock repositories. According to Dedaube, the error was reported to Bedrock but no action was taken in response to the threat. The security firm added:

Unfortunately, although we discovered the issue several hours ago in the smart contract, the vulnerability was exploited by the time the team responded.

The exposure was exploited at a loss of nearly $2 million. However, the attacker had the opportunity to steal up to $75 million from the UniBTC coffers.

On September 27, Bedrock acknowledged the hack and said the protocol was developing a compensation plan to recover investors' losses. Bedrock also revealed that it worked “with audit teams and white hats to recover the missing funds.”

Trying a new way to get money back

Moreover, Bedrock tried to find the hacker through onchain messages found on the Ethereum blockchain analytics platform, Etherscan.

Bedrock asked the hacker:

“We would like to contact you, inviting you to become a white hat for the latest event. Are you interested in working with us and making the protocol more secure?”

The hacker was awarded a $2 million reward for exploiting the uniBTC vault. However, the hacker has not responded to the message till the time of writing this report.

The Bedrock team has confirmed to users that their funds are safe after the exposure has been removed and they are committed to withdrawing their stake in uniBTC contracts.

Related: Coinbase-backed Truflation Confirms Hack, Losses $5M

Crypto lender Shezmu recently received nearly $5 million from a hacker after a successful on-chain transaction.

Negotiating to return stolen funds

After confirming that one of the ShezmuUSD (ShezUSD) stablecoin vaults had been compromised, Shezmu actively encouraged the hacker to return the funds in exchange for a 10% bonus reward with no legal consequences.

However, the hacker responded to the request by asking for a 20% reward instead of the original 10% discount, which Shezmu agreed to.

After the blockchain discussion, Shezumu started accepting the stolen Dai (DAI) tokens in the wallet. The hacker initially returned 282.18 Ether (ETH) to the protocol and then returned another 137 bundles of Ether (WETH).

Magazine: Worldcoin Punished Again! Crypto Store Clerk Makes $500,000: Asia Express