$1M Drained: Hacker's "Ghost" Protocol Attack Exposed

LiveBTCNews

2025-12-06 08:49:08

USPD stablecoin protocol falls prey to an advanced CPIMP attack costing 1M. During deployment, Hacker took control and went underground, taking months before emptying the coffers.

A critical exploit was confirmed by the USPD protocol. The attacker minted 98 million USPD tokens. About 232 stETH was liquidated out of liquidity pools.

Hidden Attack Went Unnoticed Since September

It was not a code vulnerability breach. USPD was audited by Nethermind and Resonance regarding security. The logic of smart contracts was not compromised in the incident.

Rather, attackers used a CPIMP attack vector. This abbreviates Clandestine Proxy in the Middle of Proxy. The adventure took place on deployment on the 16th of September.

The Multicall3 transaction was used to initialize the proxy with the aid of the hacker. Before deployment scripts would complete, admin privileges were stolen. A shadow implementation sent calls to the valid audited code.

Etherscan Verification Tools Fooled Completely

The presence of the attacker was hidden by the manipulation of the event payload. Storage slot spoofing played around the Etherscan verification system. The site portrayed audited contracts as ongoing implementations.

Proxy upgrades were available yesterday by accessing a proxy via a hidden means. Unlicensed coins struck the world with tokens. Minting operations are followed by the draining of liquidity.

You might also like: Crypto Hack News: North Korean Hackers Exploit EtherHiding for Crypto Thefts

Law Enforcement and CEXs Now Tracking Stolen Funds

USPD representatives marked out the addresses of attackers with significant exchanges. Notifications were made on both centralized and decentralized platforms. Now, fund flow monitoring is operational on platforms.

There are two addresses under investigation. Infector wallet = 0x7C97313f349608f59A07C23b18Ce523A33219d83. Drainer address = 0x083379BDAC3E138cb0C7210e0282fbC466A3215A.

The team provided a whitehat resolution path. Attackers can refund 90 percent of stolen funds. When funds are recovered, law enforcement will be halted.

The USPD officials have assured a technical post-mortem shortly. Transparency in the community is still a priority. The recovery process goes on with major security organizations.

The protocol showed how new attack vectors are putting security to the test. This advanced attack was not thwarted by even the stringent audits. An industry-wide implication is now being looked at.

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Comment

0/400

No comments