The USPD protocol suffered a high-level attack resulting in a loss of approximately 232 stETH, with the attacker minting 98 million USPD tokens

USPD protocol officially issued an emergency security alert, confirming that its protocol has encountered a serious security vulnerability attack, resulting in unauthorized token minting and liquidity depletion.

The attacker utilized an advanced attack technique called "CPIMP," executing proxy initialization ahead of deployment to gain hidden administrator privileges. By installing a "shadow" to implement and manipulate event data, the attacker successfully evaded verification tools, including Etherscan, and hid for months before using the privileges to mint approximately 98 million USPD and steal about 232 stETH. The USPD team has collaborated with law enforcement and security organizations to tag the attacker's address to freeze funds, while also expressing a willingness to treat the incident as a white hat rescue, stating that if 90% of the funds are returned, they will cease law enforcement actions.