Buy $RAO Now
Main » Crypto News » A hacker devastated the DeFi protocol USPD by $1 million

A hacker devastated the DeFi protocol USPD by $1 million

A hacker devastated the DeFi protocol USPD by $1 million

A recent incident in the world of decentralized finance (DeFi) has drawn attention to vulnerabilities that can be exploited by attackers. A hacker exploited a vulnerability in the US Permissionless Dollar (USPD) protocol and withdrew over $1 million in liquidity.

How did the hack occur?



According to a report from the USPD team on social media, an unknown attacker deposited 3,122 ETH and minted 98 million USPD tokens in a single transaction. As a result, the amount of tokens created was ten times the initial deposit, and the hacker received an additional 237 stETH. The stolen crypto assets were exchanged for 300,000 USDC stablecoins through the decentralized exchange Curve.

After discovering the critical vulnerability in the protocol, USPD developers urged customers not to purchase USPD stablecoins and to immediately revoke all permissions.

CPIMP Attack Vector



The protocol team clarified that a sophisticated attack vector called CPIMP (Clandestine Proxy In the Middle of Proxy) was used for the hack. The attacker gained control of the proxy server several months ago. On September 16, they initiated the initialization process using the Multicall3 transaction. Using CPIMP, the hacker was able to stealthily gain administrative privileges and gain full control over the protocol scripts, enabling them to launch unauthorized token issuance.

Shadow Contract



To hide the malicious configuration from users, auditors, and even the Ethereum blockchain explorer Etherscan, the attacker implemented a shadow contract that redirected calls to the contract being verified. Using this camouflage, they manipulated event data and spoofed storage slots to trick block explorers into reporting the execution of a secure contract. This allowed the hacker to fully control the smart contract for several months until they updated the proxy server and issued tokens to deplete the protocol.

USPD Team Response



The USPD team stated that it has engaged law enforcement, security specialists, and major exchanges to investigate the incident to track the movement of funds. USPD developers offered the attacker a 90% refund as a reward for their cooperation, underscoring the seriousness of the situation and their commitment to recovering the lost funds.

In Conclusion



This incident serves as a reminder that even in the world of decentralized finance, where security and transparency are core principles, vulnerabilities exist that can be exploited by attackers. Development teams must continue to work to improve the security of their protocols to prevent similar attacks in the future.
Important Notice: The material provided is for informational purposes only and does not constitute investment advice. The Rao Cash editorial team is not responsible for your financial decisions. Cryptocurrency assets involve high risks — conduct your own research (DYOR).

Rao Cash Analytical Expertise: Event Context

The latest data presented in A hacker devastated the DeFi protocol USPD by $1 million clearly reflects the ongoing shifts in the balance of power within the global cryptocurrency market. The Rao Cash information portal monitors these market triggers 24/7, delivering high-quality crypto news, real-time on-chain statistics, and expert blockchain industry insights to our audience. We assist readers in promptly identifying long-term trends while filtering out speculative noise and market manipulation.

Analyzing the event requires a comprehensive approach, including liquidity assessment, exchange trading volume tracking, and smart contract security audits. A vital element of our internal ecosystem is the utility RAO token—a digital asset integrated into our content infrastructure that unlocks access to professional data processing tools. By conducting granular technical analysis, our team helps investors gain a deeper understanding of institutional capital flows across the DeFi and Real World Asset (RWA) tokenization sectors.

By exploring the analytical breakdown on our multi-language platform, you gain access to verified, real-time insights. Our expert editorial group prioritizes objectivity and factual accuracy, establishing a trustworthy information foundation for making informed decisions in a rapidly evolving Web3 economy.

Comments:
Your name:
Your E-Mail: