USPD protocol suffers sophisticated attack, losing approximately 232 stETH; attacker mints 98 million USPD tokens
ChainCatcher News: The official USPD protocol has issued an urgent security alert, confirming that its protocol has suffered a severe security vulnerability attack, resulting in unauthorized token minting and liquidity depletion.
The attacker exploited an advanced attack technique called “CPIMP”, preemptively executing proxy initialization during deployment to obtain hidden administrator privileges. By installing a “shadow” implementation and manipulating event data, the attacker successfully bypassed verification tools including Etherscan. After remaining undetected for several months, the attacker used these privileges to mint approximately 98 million USPD and steal about 232 stETH. The USPD team has cooperated with law enforcement and security organizations to flag the attacker’s addresses in order to freeze the funds, and has also stated their willingness to treat the incident as a white-hat rescue: if 90% of the funds are returned, enforcement actions will cease.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Ethereum Prysm client bug causes validator participation to drop by 25%, nearly resulting in loss of finality
Trending news
MoreCrypto prices
More
