COINOTAG News reports that on December 5, the decentralized stablecoin protocol USPD disclosed a severe security vulnerability linked to a CPIMP (Contract Proxy Inherit Proxy) attack. The intruder seized proxy contract admin rights during deployment, masquerading as an audited release and remaining dormant for months, minting approximately 98 million USPD and siphoning about 232 stETH.
USPD stated the incident did not arise from smart contract logic flaws. The team has notified major centralized exchanges to freeze funds and is coordinating with security partners to trace assets. They indicated a potential bounty: return roughly 90% of stolen funds, retain 10%.
This incident underscores governance and proxy architecture risks in decentralized finance; investors should monitor official updates and reassess exposure to USPD-related liquidity and counterparty risk.