Derived from HashNews, stablecoin protocol USPD has suffered a major attack, resulting in a loss of approximately $1 million. PeckShieldAlert highlighted critical security vulnerabilities in the project. USPD confirmed the protocol was exploited by attackers, who minted tokens and drained liquidity. Users were urgently advised to revoke all authorizations for USPD contracts. The attack involved using Multicall3 during deployment to front-run the initialization of a proxy, gaining admin rights and impersonating an audited implementation contract. The project stated this was not a contract vulnerability but a hidden flaw in the upgraded proxy that went unnoticed for months. A total of about 98 million USPD tokens were minted, and 232 stETH were transferred. USPD has asked users to immediately revoke all authorizations, published the attack address, and is working with law enforcement and white hats to track the attackers, offering a 10% bounty for the recovery of stolen assets.
Stablecoin Protocol USPD Suffers Major Attack, Loses $1M
KuCoinFlashShare
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.