The stablecoin protocol USPD has encountered a major security vulnerability, resulting in a loss of approximately 1 million dollars

According to market news, the stablecoin project USPD has encountered a significant security vulnerability, resulting in a loss of approximately $1 million. The USPD official confirmed that the protocol was exploited, with the attacker unauthorizedly minting tokens and draining liquidity. The official urgently reminded users to revoke all token authorizations for the USPD contract immediately.

The USPD protocol confirmed it was attacked by "CPIMP," where the attacker preemptively initialized the proxy during the deployment phase through Multicall3, seizing administrative privileges and disguising as an audited implementation contract. The official stated that the logic was not a contract vulnerability, having been concealed for months before upgrading the proxy, minting approximately 98M USPD, and transferring about 232 stETH. USPD has requested users to revoke all authorizations immediately and disclosed the attack addresses: 0x7C97…9d83 (Infector), 0x0833…215A (Drainer), and is cooperating with law enforcement and white hats to track them down, promising a 10% bounty for recoverable funds.