Decentralized stablecoin protocol USPD hit by $1M exploit
USPD is facing a severe security breach after an attacker quietly gained control of its proxy contract months ago and used that access to mint new tokens and drain funds.
- USPD suffered an exploit after an attacker seized proxy admin rights during deployment.
- The breach led to unauthorized USPD minting and stETH outflows worth about $1 million.
- The incident adds to a month of major exploits affecting exchanges and decentralized finance protocols.
USPD disclosed the incident on Dec. 5, saying the exploit allowed an attacker to mint roughly 98 million USPD and remove about 232 stETH, worth around $1 million. The team urged users not to buy the token and to revoke approvals until further notice.
Attackers used hidden proxy control
The protocol stressed that its audited smart contract logic was not the source of the failure. USPD said firms such as Nethermind and Resonance had reviewed the code, and internal tests confirmed expected behavior. Instead, the breach came from what the team described as a “CPIMP” attack, which is a tactic that targets the deployment window of a proxy contract.
According to USPD, the attacker front-ran the initialization process on Sept. 16 using a Multicall3 transaction. The attacker jumped in before the deployment script finished, grabbed admin access, and slipped in a hidden proxy implementation.
In order to keep the malicious setup hidden from users, auditors, and even Etherscan, that shadow version forwarded calls to the audited contract.
The camouflage worked because the attacker manipulated event data and spoofed storage slots so that block explorers displayed the legitimate implementation. This left the attacker in full control for months until they upgraded the proxy and executed the minting event that drained the protocol.
USPD said it is working with law enforcement, security researchers, and major exchanges to trace funds and halt further movement. The team has offered the attacker a chance to return 90% of the assets under a standard bug-bounty structure, saying it would treat the action as a whitehat recovery if the funds are sent back.
Exploit adds to a month of heavy
The USPD incident arrives during one of the another active periods for exploits this year, with losses across December already passing $100 million.
Upbit, one of South Korea’s largest exchanges, confirmed a $30 million breach tied to Lazarus Group earlier this week. Investigators say the attackers posed as internal administrators to obtain access, continuing a pattern that has pushed Lazarus-linked thefts above $1 billion this year.
Yearn Finance also faced an early-December exploit affecting its legacy yETH token contract. Attackers used a bug that allowed unlimited minting, producing trillions of tokens in one transaction and draining about $9 million in value.
The run of incidents highlights the rising sophistication in DeFi-focused attacks, particularly those that target proxy contracts, admin keys, and legacy systems. Security teams say interest is picking up around decentralized multi-party computation tools and hardened deployment frameworks as protocols look to reduce the impact of single-point failures.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Zcash Halving: What It Means for Cryptocurrency Investors in 2025
- Zcash's 2028 halving will reduce annual inflation to 1%, reinforcing its deflationary model after prior 50% block reward cuts in 2020 and 2024. - The 2024 halving triggered 1,172% price surge followed by 96% drop, highlighting volatility risks despite growing institutional investments like Grayscale's $137M Zcash Trust. - Privacy-focused hybrid model (shielded/transparent transactions) attracts institutional interest but faces EU MiCA regulatory scrutiny, requiring selective compliance strategies. - Inve
CleanTrade and the Evolution of Clean Energy Markets: Market Fluidity, Openness, and the Role of the CFTC
- CleanTrade, a CFTC-approved SEF, transforms clean energy markets by integrating VPPAs, PPAs, and RECs under institutional-grade transparency. - The platform unlocks liquidity through real-time pricing and centralized trading, accelerating net-zero transitions for corporations and utilities . - Enhanced transparency via project-specific REC data combats greenwashing, while regulatory alignment boosts investor confidence and market legitimacy. - By bridging traditional and renewable energy markets, CleanTr
The CFTC-Authorized Clean Energy Marketplace: An Innovative Gateway for Institutional Investors
- REsurety’s CleanTrade platform, CFTC-approved as a SEF, addresses clean energy market illiquidity and opacity by centralizing VPPAs, PPAs, and RECs. - Within two months of its 2025 launch, it attracted $16B in notional value, enabling institutional investors to streamline transactions and reduce counterparty risk. - By aggregating market data and automating compliance, CleanTrade enhances transparency, aligning with ESG priorities and regulatory certainty for institutional portfolios. - It democratizes a
SOL Drops 50%: Is This a Healthy Market Adjustment or the Onset of a Major Sell-Off?
- Solana's 50% price drop sparks debate over whether it signals a bear market correction or deeper structural selloff. - On-chain metrics show liquidity contraction and reduced exchange supply, but ETF inflows and validator activity suggest structural resilience. - Corporate transfers and the Upbit hack highlight volatility risks, while Solana's alignment with Bitcoin's trend underscores macroeconomic influence. - Key watchpoints include liquidity recovery timelines, ETF inflow sustainability, and potentia
Trending news
MoreCrypto prices
More
