Even though Bedrock lost $2 million to a smart contract exploit, it offered the hacker a job helping to protect its protocol and recover the pilfered money.
Bedrock, a crypto liquid restaking protocol, suffered a security breach that cost it almost $2 million. In exchange, the attacker was offered the chance to help secure the protocol it had stolen from.
Web3 security company Dedaub found a smart contract vulnerability in some Bedrock uniBTC vaults on September 26. Dedaub claims that although Bedrock was informed of the flaw, no steps were taken to address the threat. The security company also said:
“Unfortunately, even though we found the issue in the smart contract several hours before, by the time the team responded, the vulnerability had been exploited.”
Roughly $2 million was lost as a result of the vulnerability. Still, the attacker could have taken up to $75 million from the uniBTC vaults.
Bedrock confirmed the hack on September 27 and stated that the protocol is developing a refund scheme to compensate investors for their losses. Bedrock also disclosed they were “collaborating with audit teams and white hats to recover the lost funds.”
Attempting a novel method for recovering funds
Additionally, Bedrock attempted to contact the hacker via an onchain message on Etherscan, an Ethereum blockchain analytics site.
Bedrock asked the hacker:
“We would like to communicate with you inviting you to become a white hat for the recent incidence. Would you be interested in working with us and making the protocol more secure?”
A reward for the $2 million uniBTC vault vulnerability was also extended to the hacker. As of the time of writing, though, the hacker had not replied to the message.
The Bedrock team reassured users that their money was secure, and they promised to resume staking on uniBTC contracts as soon as the vulnerability was fixed.
Shezmu, a cryptocurrency lender, successfully negotiated an onchain settlement with a hacker to retrieve about $5 million.
Recovering stolen assets through negotiation
Following confirmation that one of its stablecoin vaults, ShezmuUSD (ShezUSD), had been compromised, Shezmu aggressively encouraged the hacker to return the money in exchange for a 10% bounty and no legal consequences.
In response, the hacker demanded a 20% bounty rather than the initial 10% offer, and Shezmu complied with the request.
Following the onchain discussion, Shezmu started receiving the stolen Dai (DAI) tokens in its wallet. The hacker first refunded the protocol 282.18 Ether (ETH) and then gave another refund of 137 Wrapped Ether (WETH).