Bedrock, a liquidity staking platform, confirmed a security incident on Sept. 27 that affected approximately $2 million in liquidity, primarily within the Uniswap pool. A post-mortem revealed a vulnerability in the uniBTC smart contract, which was exploited to mint 30.8 uniBTC and swap them for WBTC in Uniswap pools.

While 125 exploiters were identified, the vulnerability was limited to the uniBTC smart contract. Bedrock said other assets like uniETH and uniIOTX remained unaffected.

To address the incident, Bedrock integrated with Chainlink, a decentralized oracle network, for proof of reserves. Chainlink’s reliable oracles will help Bedrock demonstrate sufficient funds to back uniBTC to its community. Concerning the redemption of the tokenized BTC, Bedrock said:

We guarantee uniBTC can be 1:1 redeemed, ensuring that for every unit of uniBTC, there is a corresponding equivalent amount of BTC available. This guarantees our users that their investments are secure, providing confidence in the stability of our platform.

Bedrock’s post-mortem reassured users and announced plans to enable unstaking functionality, allowing users to easily withdraw their staked assets. It also disclosed plans to collaborate with partners to redeploy liquidity on decentralized exchanges.

To prevent future attacks, Bedrock said it will conduct additional smart contract security audits and implement round-the-clock real-time security monitoring. Furthermore, Bedrock said it will also propose establishing a security fund and bug bounty program.