CertiK: The USPD contract was attacked, resulting in losses of approximately $1 million, and the entire attack process lasted for 2 months

According to CertiK Alert monitoring, the USPD contract suffered an attack resulting in a loss of approximately $1 million. The attacker executed the attack by manipulating stored data, and the entire attack process lasted for 2 months. Analysis indicates that the attack was divided into two phases: the attacker executed a legitimate initialization transaction in advance, adding a malicious intermediary to the USPD stabilizer; the attacker granted privileged roles to their contract through the malicious intermediary and exploited that privilege to carry out the attack 78 days later.