Decentralized stablecoin protocol USPD hit by $1M exploit
USPD is facing a severe security breach after an attacker quietly gained control of its proxy contract months ago and used that access to mint new tokens and drain funds.
- USPD suffered an exploit after an attacker seized proxy admin rights during deployment.
- The breach led to unauthorized USPD minting and stETH outflows worth about $1 million.
- The incident adds to a month of major exploits affecting exchanges and decentralized finance protocols.
USPD disclosed the incident on Dec. 5, saying the exploit allowed an attacker to mint roughly 98 million USPD and remove about 232 stETH, worth around $1 million. The team urged users not to buy the token and to revoke approvals until further notice.
Attackers used hidden proxy control
The protocol stressed that its audited smart contract logic was not the source of the failure. USPD said firms such as Nethermind and Resonance had reviewed the code, and internal tests confirmed expected behavior. Instead, the breach came from what the team described as a “CPIMP” attack, which is a tactic that targets the deployment window of a proxy contract.
According to USPD, the attacker front-ran the initialization process on Sept. 16 using a Multicall3 transaction. The attacker jumped in before the deployment script finished, grabbed admin access, and slipped in a hidden proxy implementation.
In order to keep the malicious setup hidden from users, auditors, and even Etherscan, that shadow version forwarded calls to the audited contract.
The camouflage worked because the attacker manipulated event data and spoofed storage slots so that block explorers displayed the legitimate implementation. This left the attacker in full control for months until they upgraded the proxy and executed the minting event that drained the protocol.
USPD said it is working with law enforcement, security researchers, and major exchanges to trace funds and halt further movement. The team has offered the attacker a chance to return 90% of the assets under a standard bug-bounty structure, saying it would treat the action as a whitehat recovery if the funds are sent back.
Exploit adds to a month of heavy
The USPD incident arrives during one of the another active periods for exploits this year, with losses across December already passing $100 million.
Upbit, one of South Korea’s largest exchanges, confirmed a $30 million breach tied to Lazarus Group earlier this week. Investigators say the attackers posed as internal administrators to obtain access, continuing a pattern that has pushed Lazarus-linked thefts above $1 billion this year.
Yearn Finance also faced an early-December exploit affecting its legacy yETH token contract. Attackers used a bug that allowed unlimited minting, producing trillions of tokens in one transaction and draining about $9 million in value.
The run of incidents highlights the rising sophistication in DeFi-focused attacks, particularly those that target proxy contracts, admin keys, and legacy systems. Security teams say interest is picking up around decentralized multi-party computation tools and hardened deployment frameworks as protocols look to reduce the impact of single-point failures.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Zcash Halving and Its Impact on Cryptocurrency Market Trends
- Zcash's 2028 halving will cut block rewards to 0.78125 ZEC, continuing its deflationary supply model to reduce annual inflation to 2%. - Historical data shows halvings trigger extreme volatility, with ZEC surging 1,172% in 2025 but collapsing 96% within 16 days. - Institutional adoption grows via $137M Grayscale Zcash Trust, yet EU's MiCA regulations challenge privacy coins' compliance with transparency rules. - Future success depends on balancing privacy features with regulatory adaptability as Zcash's
Emerging Prospects for Industrial Real Estate in Webster, NY
- Webster , NY, is transforming its industrial real estate through the $9.8M FAST NY Grant, upgrading infrastructure on a 300-acre Xerox brownfield into a high-tech hub. - The initiative aims for a 2% industrial vacancy rate by 2025, boosting residential property values by 10.1% and attracting projects like the $650M fairlife® dairy facility. - Xerox campus reconfiguration and 600 Ridge Road redevelopment, supported by state programs, create shovel-ready spaces with modern infrastructure for advanced manuf
Why Solana's Latest Plunge Highlights Underlying Weaknesses in the Crypto Market
- Solana's 57% price crash in Nov 2025 exposed systemic crypto vulnerabilities, including psychological biases, excessive leverage, and fragile infrastructure. - Token unlocks from Alameda/FTX estates and $30M selling pressure triggered the downturn, yet $101.7M in institutional inflows highlighted market paradoxes. - Fed rate cuts drove $417M into Solana ETFs, but uncertainty caused 14% price drops, revealing crypto's growing integration with traditional finance. - $19B in liquidations during the Oct 11 "
The Growing Impact of Security Systems Technology on the Future Development of Higher Education Infrastructure
- 21st-century higher education infrastructure increasingly relies on advanced security systems to address cyberattacks and campus safety threats. - AI and zero-trust architectures enable proactive threat detection, with 80% of institutions adopting zero-trust strategies by 2025. - Integrated security investments boost enrollment, research credibility, and institutional reputation, though skill gaps and outdated infrastructure hinder full implementation. - ROI extends beyond cost savings, with 60% of stude
Trending news
MoreCrypto prices
More
