ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

Gold Bar & BTC Giveaway2000g

PANews reported on December 5th that, according to PeckShieldAlert, the stablecoin project USPD suffered a major security vulnerability, resulting in a loss of approximately $1 million. USPD officials confirmed that the protocol was exploited, with attackers minting tokens without authorization and draining liquidity. The official team urgently advised users to immediately revoke all token authorizations for the USPD contract. The USPD protocol has been confirmed to have been attacked by the "CPIMP" attack. During the deployment phase, the attacker used Multicall3 to preemptively initialize the proxy, seize administrator privileges, and impersonate an audited contract implementation. The official statement claims the logic is not a contract vulnerability; the attacker had been concealed for several months before upgrading the proxy, minting approximately 98M USPD, and transferring approximately 232 stETH. USPD has demanded that users immediately revoke all authorizations and has published the attack addresses: 0x7C97…9d83 (Infector) and 0x0833…215A (Drainer). They are cooperating with law enforcement and white-hat hackers to track down the attacker and have promised a 10% bounty for their return.PANews reported on December 5th that, according to PeckShieldAlert, the stablecoin project USPD suffered a major security vulnerability, resulting in a loss of approximately $1 million. USPD officials confirmed that the protocol was exploited, with attackers minting tokens without authorization and draining liquidity. The official team urgently advised users to immediately revoke all token authorizations for the USPD contract. The USPD protocol has been confirmed to have been attacked by the "CPIMP" attack. During the deployment phase, the attacker used Multicall3 to preemptively initialize the proxy, seize administrator privileges, and impersonate an audited contract implementation. The official statement claims the logic is not a contract vulnerability; the attacker had been concealed for several months before upgrading the proxy, minting approximately 98M USPD, and transferring approximately 232 stETH. USPD has demanded that users immediately revoke all authorizations and has published the attack addresses: 0x7C97…9d83 (Infector) and 0x0833…215A (Drainer). They are cooperating with law enforcement and white-hat hackers to track down the attacker and have promised a 10% bounty for their return.

Stablecoin protocol USPD suffered a loss of approximately $1 million due to the "CPIMP" attack.

2025/12/05 14:23

The USPD protocol has been confirmed to have been attacked by the "CPIMP" attack. During the deployment phase, the attacker used Multicall3 to preemptively initialize the proxy, seize administrator privileges, and impersonate an audited contract implementation. The official statement claims the logic is not a contract vulnerability; the attacker had been concealed for several months before upgrading the proxy, minting approximately 98M USPD, and transferring approximately 232 stETH. USPD has demanded that users immediately revoke all authorizations and has published the attack addresses: 0x7C97…9d83 (Infector) and 0x0833…215A (Drainer). They are cooperating with law enforcement and white-hat hackers to track down the attacker and have promised a 10% bounty for their return.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.