Bitcoin

USPD stablecoin hack reveals clandestine proxy attack

USPD stablecoin hack reveals clandestine proxy attack

The post USPD stablecoin hack reveals clandestine proxy attack appeared on BitcoinEthereumNews.com.

Investigators are still piecing together how the USPD stablecoin protocol was drained, as fresh on-chain data and security analyses continue to emerge. Over $1 million in liquidity drained from USPD The decentralized finance protocol US Permissionless Dollar suffered a severe security breach that enabled unauthorized stablecoin minting and the loss of more than $1 million in liquidity. According to an incident report shared on the protocol team’s official X account, the attacker deposited roughly 3,122 ETH as collateral on the platform. The report noted that the exploiter then used this collateral to trigger a bug that allowed them to mint approximately 98 million USPD tokens in a single transaction. Moreover, the faulty logic generated around ten times the appropriate token amount against the original deposit, massively inflating supply and breaking the system’s economic assumptions. This process also gave the attacker a path to drain an additional 237 stETH from the protocol’s collateral pools. The stolen stablecoins were then converted into about $300,000 worth of USDC via the decentralized exchange Curve, in what security analysts described as a rapid liquidity exit. However, most of the minted tokens remain a focus of ongoing stolen funds tracing efforts. USPD developers and several cybersecurity monitoring accounts, including PeckShield Alert, quickly warned users once the exploit was confirmed. The team urged community members: “Please DO NOT buy USPD. Revoke all approvals immediately,” stressing that the protocol had suffered both liquidity draining and major governance compromise. Clandestine proxy attack method used in the breach The protocol’s technical report said the breach relied on a complex vector called CPIMP, short for Clandestine Proxy In the Middle of Proxy. USPD explained that the attacker front-ran the proxy initialization during deployment on September 16, using a Multicall3 transaction to slip malicious steps into the setup. Using this method, the…

Read More

Related Posts

Bitcoin’s Struggle at $100,000 Reveals Underlying Market Stress

Bitcoin’s Struggle at $100,000 Reveals Underlying Marke...

Massive XRP Move Ahead? Key Patterns Predict 360% Upside

Massive XRP Move Ahead? Key Patterns Predict 360% Upside

Bitcoin Dips Below $90,000 as Crypto Faces Volatility and Liquidations

Bitcoin Dips Below $90,000 as Crypto Faces Volatility a...

Trend Reversal Puts Dogecoin On A Path To $0.188

Trend Reversal Puts Dogecoin On A Path To $0.188

Bitcoin’s end-of-year run to $100K heavily depends on Fed pivot outcomes

Bitcoin’s end-of-year run to $100K heavily depends on F...

The U.S. Can Win Its 2026 World Cup Group, But It Won’t Be Easy

The U.S. Can Win Its 2026 World Cup Group, But It Won’t...