DeFi Protocol USPD Loses $1 Million in “CPIMP” Attack
The post DeFi Protocol USPD Loses $1 Million in “CPIMP” Attack appeared first on Coinpedia Fintech News
A decentralized finance platform called USPD has fallen victim to a complex security breach that resulted in approximately $1 million being stolen from its protocol. What first looked like a normal system setup months ago was actually a hidden trap waiting to strike.
In the meantime, USPD is offering a 10% bounty if the attacker returns 90% of the stolen funds.
How the USPD Attack Happened?
According to blockchain security firm PeckShieldAlert, the attacker planted the trap all the way back on September 16, while the project was still being deployed. They used a clever technique during the proxy setup phase, gaining admin rights before USPD’s own deployment script could finish.
Meanwhile, this type of exploit is now being called a “CPIMP” attack, short for Clandestine Proxy In the Middle of Proxy.
What made this attack particularly sneaky was how well it was hidden. The hacker installed what security experts describe as a “shadow” implementation that cleverly forwarded everything to USPD’s properly audited contract.
By manipulating event data and storage information, they tricked blockchain explorer Etherscan into showing the legitimate, audited code, even though they had secretly planted their malicious version underneath.
Attack Finally Strikes, Losing $1 Million
After months of lying dormant and undetected, the attacker finally struck. They upgraded the proxy contract, minted around 98 million USPD tokens out of thin air, and withdrew approximately 232 stETH tokens before draining nearly $1 million in liquidity
The attacker operated through two addresses, now labeled “Infector” address (0x7C9…19d83 and the other was “Drainer” address (0x0883…3215A).
10% Bounty For The Attacker
The USPD team is working with law enforcement and white-hat researchers to track the stolen funds. They have asked all users to revoke approvals to stay safe.
They also said they are open to treating the hack as a “white-hat rescue” if the attacker comes forward.
To encourage this, USPD is offering a 10% bounty if the attacker returns 90% of the stolen assets.
You May Also Like
US Prosecutors Seek 12-Year Prison for Do Kwon Over Terra Collapse
Highlights: US prosecutors requested a 12-year prison sentence for Do Kwon after the Terra collapse. Terraform’s $40 billion downfall caused huge losses and sparked a long downturn in crypto markets. Do Kwon will face sentencing on December 11 and must give up $19 million in earnings. US prosecutors have asked a judge to give Do Kwon, Terraform Labs co-founder, a 12-year prison sentence for his role in the remarkable $40 billion collapse of the Terra and Luna tokens. The request also seeks to finalize taking away Kwon’s criminal earnings. The court filing came in New York’s Southern District on Thursday. This is about four months after Kwon admitted guilt on two charges: wire fraud and conspiracy to defraud. Prosecutors said Kwon caused more losses than Samuel Bankman-Fried, Alexander Mashinsky, and Karl Sebastian Greenwood combined. U.S. prosecutors have asked a New York federal judge to sentence Terraform Labs co-founder Do Kwon to 12 years in prison, calling his role in the 2022 TerraUSD collapse a “colossal” fraud that triggered broader crypto-market failures, including the downfall of FTX. Sentencing is… — Wu Blockchain (@WuBlockchain) December 5, 2025 Terraform Collapse Shakes Crypto Market Authorities explained that Terraform’s collapse affected the entire crypto market. They said it helped trigger what is now called the ‘Crypto Winter.’ The filing stressed that Kwon’s conduct harmed many investors and the broader crypto world. On Thursday, prosecutors said Kwon must give up just over $19 million. They added that they will not ask for any additional restitution. They said: “The cost and time associated with calculating each investor-victim’s loss, determining whether the victim has already been compensated through the pending bankruptcy, and then paying out a percentage of the victim’s losses, will delay payment and diminish the amount of money ultimately paid to victims.” Authorities will sentence Do Kwon on December 11. They charged him in March 2023 with multiple crimes, including securities fraud, market manipulation, money laundering, and wire fraud. All connections are tied to his role at Terraform. After Terra fell in 2022, authorities lost track of Kwon until they arrested him in Montenegro on unrelated charges and sent him to the U.S. Do Kwon’s Legal Case and Sentencing In April last year, a jury ruled that both Terraform and Kwon committed civil fraud. They found the company and its co-founder misled investors about how the business operated and its finances. Jay Clayton, U.S. Attorney for the Southern District of New York, submitted the sentencing request in November. TERRA STATEMENT: “We are very disappointed with the verdict, which we do not believe is supported by the evidence. We continue to maintain that the SEC does not have the legal authority to bring this case at all, and we are carefully weighing our options and next steps.” — Zack Guzmán (@zGuz) April 5, 2024 The news of Kwon’s sentencing caused Terraform’s token, LUNA, to jump over 40% in one day, from $0.07 to $0.10. Still, this rise remains small compared to its all-time high of more than $19, which the ecosystem reached before collapsing in May 2022. In a November court filing, Do Kwon’s lawyers asked for a maximum five-year sentence. They argued for a shorter term partly because he could face up to 40 years in prison in South Korea, where prosecutors are also pursuing a case against him. The legal team added that even if Kwon serves time in the U.S., he would not be released freely. He would be moved from prison to an immigration detention center and then sent to Seoul to face pretrial detention for his South Korea charges. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
James Gunn Talks About His ‘Batman’ Actor Shortlist For The DCU
