Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Diğerleri
TradFi
Rewards
Square
Latest
Hot
News
Profile
FrontRunFightervip

The USPD protocol just released an announcement confirming that it has suffered a meticulously planned attack.



The hacker employed a rather covert method—what's known as a "CPIMP attack" (Concealed Proxy in the Middle Proxy). Simply put, during the contract deployment phase, the attacker quietly managed to seize the admin privileges of the proxy contract in advance. To make matters worse, they disguised themselves as a legitimate, audited version and lay dormant for several months.

When the time was right, they launched the attack: minting approximately 98 million USPD tokens and then absconding with around 232 stETH.

The terrifying aspect of this attack method is that it can pass audit checks because everything appears normal on the surface. By the time it's discovered, the damage has already been done.
STETH-0,02%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 9
  • Repost
  • Share
Comment
Add a comment
Add a comment
OnchainUndercovervip
· 2025-12-08 04:33
Damn, they waited several months before making a move? This is literally the Web3 version of Infernal Affairs. Even the audits were fooled—how are us retail investors supposed to protect ourselves?
View OriginalReply0
SmartContractDivervip
· 2025-12-06 20:00
Impressive, these hackers really know what they're doing, lurking for months before making a move—that takes some serious patience.

Bypassing the audit and going straight for the bulldozer, hilarious. What happened to all those people bragging about how great the audit was?

232 stETH just gone like that. Glad I never touched USPD, really dodged a bullet there.
View OriginalReply0
ShibaMillionairen'tvip
· 2025-12-06 06:48
Uh... The hacker really has patience to wait a few months before taking action, even more than I can忍.
View OriginalReply0
down_only_larryvip
· 2025-12-05 07:02
Damn, even the audit was fooled? This CPIMP attack is just insane. They waited for months before launching it—this guy really has nerves of steel.
View OriginalReply0
PretendingSeriousvip
· 2025-12-05 07:00
I was wondering how such a huge loophole could pass the audit. Turns out, the trap was set right from the deployment stage. This guy is ruthless.
View OriginalReply0
BtcDailyResearchervip
· 2025-12-05 06:55
Damn, this technique is insane. They lay low for months before making a move, and even audits can't detect it? That's just ridiculous.
View OriginalReply0
PhantomHuntervip
· 2025-12-05 06:55
Damn, they've been lurking for months before making a move. This technique is insane... Even audits couldn't catch it? I just want to know how the USPD team can even sleep at night.
View OriginalReply0
HashBanditvip
· 2025-12-05 06:54
yo this is exactly why i don't trust audits lmao... back in my mining days we at least had transparency with hashrate, now these protocols slip past auditors like it's nothing. 232 stETH gone just like that, brutal.
Reply0
CryptoDouble-O-Sevenvip
· 2025-12-05 06:46
Damn, even audits can't catch this? Then what can we trust?
View OriginalReply0
View More

  • Pin

Sitemap