
USPD stablecoin protocol exploited for $1M via proxy breach

2025/12/05 15:18

USPD is facing a severe security breach after an attacker quietly gained control of its proxy contract months ago and used that access to mint new tokens and drain funds.

Summary

  • USPD suffered an exploit after an attacker seized proxy admin rights during deployment.
  • The breach led to unauthorized USPD minting and stETH outflows worth about $1 million.
  • The incident adds to a month of major exploits affecting exchanges and decentralized finance protocols.

USPD disclosed the incident on Dec. 5, saying the exploit allowed an attacker to mint roughly 98 million USPD and remove about 232 stETH, worth around $1 million. The team urged users not to buy the token and to revoke approvals until further notice.

Attackers used hidden proxy control 

The protocol stressed that its audited smart contract logic was not the source of the failure. USPD said firms such as Nethermind and Resonance had reviewed the code, and internal tests confirmed expected behavior. Instead, the breach came from what the team described as a “CPIMP” attack, which is a tactic that targets the deployment window of a proxy contract.

According to USPD, the attacker front-ran the initialization process on Sept. 16 using a Multicall3 transaction. The attacker jumped in before the deployment script finished, grabbed admin access, and slipped in a hidden proxy implementation.

In order to keep the malicious setup hidden from users, auditors, and even Etherscan, that shadow version forwarded calls to the audited contract.

The camouflage worked because the attacker manipulated event data and spoofed storage slots so that block explorers displayed the legitimate implementation. This left the attacker in full control for months until they upgraded the proxy and executed the minting event that drained the protocol.
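A defender-side check for the deployment pattern described above, as an added example that is not from USPD or the original article: it audits a deployment record for non-atomic initialization, an unexpected initializer, and a delegate hop that the ERC-1967 implementation slot does not reveal. The addresses, transaction ids, record layout and simplified trace format are all constructed assumptions for illustration.

```python
# Added example (constructed data): audit one upgradeable-proxy deployment record.
# ERC-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"

def addr(tag):
    """Constructed placeholder address, not a real account."""
    return "0x" + tag * 20

PROXY, AUDITED, SHADOW = addr("a1"), addr("b2"), addr("c3")
DEPLOYER, STRANGER = addr("d4"), addr("e5")

def audit_proxy(rec, expected_impl):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. Creation and initialization in different transactions leave a window.
    if rec["init_tx"] != rec["create_tx"]:
        findings.append("init-not-atomic")
    # 2. The initializer should be the deployer, nobody else.
    if rec["init_sender"] != rec["deployer"]:
        findings.append("init-by-unexpected-sender")
    # 3. What explorers show: the address stored in the implementation slot
    #    (simplified here to a bare address instead of a 32-byte word).
    if rec["storage"].get(IMPL_SLOT) != expected_impl:
        findings.append("slot-mismatch")
    # 4. What actually runs: the first DELEGATECALL target in a traced call.
    hops = [f["to"] for f in rec["trace"] if f["type"] == "DELEGATECALL"]
    if not hops or hops[0] != expected_impl:
        findings.append("hidden-delegate-hop")
    return findings

def record(create_tx, init_tx, init_sender, hops):
    """Build a constructed record; the slot always reports the audited code."""
    trace = [{"type": "CALL", "to": PROXY}]
    trace += [{"type": "DELEGATECALL", "to": h} for h in hops]
    return {"deployer": DEPLOYER, "create_tx": create_tx, "init_tx": init_tx,
            "init_sender": init_sender, "storage": {IMPL_SLOT: AUDITED},
            "trace": trace}

# Constructed samples: an atomic deployment and one matching the article's pattern.
CLEAN = record("0xtx01", "0xtx01", DEPLOYER, [AUDITED])
SUSPECT = record("0xtx01", "0xtx02", STRANGER, [SHADOW, AUDITED])

if __name__ == "__main__":
    for name, rec in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, audit_proxy(rec, AUDITED))
```

On the suspect record the slot check passes while the trace check fails, which is why the value an explorer reads from the implementation slot is not by itself evidence of which code executes.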

USPD said it is working with law enforcement, security researchers, and major exchanges to trace funds and halt further movement. The team has offered the attacker a chance to return 90% of the assets under a standard bug-bounty structure, saying it would treat the action as a whitehat recovery if the funds are sent back.

Exploit adds to a month of heavy

The USPD incident arrives during another active period for exploits this year, with losses across December already passing $100 million.

Upbit, one of South Korea’s largest exchanges, confirmed a $30 million breach tied to Lazarus Group earlier this week. Investigators say the attackers posed as internal administrators to obtain access, continuing a pattern that has pushed Lazarus-linked thefts above $1 billion this year.

Yearn Finance also faced an early-December exploit affecting its legacy yETH token contract. Attackers used a bug that allowed unlimited minting, producing trillions of tokens in one transaction and draining about $9 million in value.

The run of incidents highlights the rising sophistication in DeFi-focused attacks, particularly those that target proxy contracts, admin keys, and legacy systems. Security teams say interest is picking up around decentralized multi-party computation tools and hardened deployment frameworks as protocols look to reduce the impact of single-point failures.

Source: https://crypto.news/uspd-stablecoin-protocol-exploited-proxy-breach-2025/
