The USPD stablecoin protocol has just suffered a well-planned attack, and the scale of the loss is not small: the hacker minted an additional 98 million USPD out of thin air and also took 232 stETH.
The attack was a rare kind: the hacker obtained administrator privileges when the project was first deployed, then disguised the malicious code as a normal version and lay dormant for months. Last night, they suddenly began using those privileges to operate the contract directly, and the whole process went quite smoothly.
To be honest, the impact of this incident goes beyond USPD's own problem. First, it exposes a reality that many people are unwilling to face: if permissions are leaked at the initial deployment stage, no amount of later auditing helps. Second, although USPD is not large, security issues in stablecoin protocols always reduce the market's trust in the entire DeFi ecosystem.
The project team reacted quite quickly, immediately contacting the exchange to freeze the assets and also trying to negotiate with the hacker, but the money had already been transferred, and it is hard to say how much can be recovered.
This is a reminder to ordinary users:
Don't rush into new projects. Protocols that have just launched and have not been tested by the market for long carry risks that go far beyond the code level and extend to the deployment process, team reliability, and permission management.
An audit report is not a free pass. Many people feel safe when they see "audited", but an audit can only cover a specific range of code logic; when permissions are stolen at the source, as they were here, the audit cannot detect it at all.
Controlling position size is the bottom line. When participating in any DeFi project, the money you put in must be money you can afford to lose without affecting your life. Betting heavily on small projects is betting on luck.
The openness of DeFi is an advantage, but security issues do persist. Protecting your assets is more important than chasing returns.
---
A sudden issuance of 98 million tokens out of nowhere—this trick is really brilliant. They waited several months before making a move...
---
So, no matter how high the APY is, it's not worth it. Gambling with luck either results in losing everything or making a huge profit—there's no third outcome.
---
Why does this always happen? Once permissions are leaked, there's no saving it at all.
---
DeFi is truly a big casino. Protecting your wallet is more important than anything else. There have been too many lessons.
---
Just deployed and immediately targeted by hackers? This team's reliability is questionable. I can't understand it.
---
It’s pointless if exchanges freeze assets; on-chain transactions can't be traced back at all...
To put it bluntly, it's not greedy, you have to rush to new projects. The people around me threw money into it when they saw "audited", can the audit find out that the private key was stolen? Not at all.
232 stETH is gone, which is the most heart-wrenching. The project party should have clarified the authority in the deployment stage.
Small projects are inherently risky, which can be regarded as a wake-up call for the entire DeFi.
The authority is stolen from the source, and the audit can find out that there are ghosts, to put it bluntly, it still depends on luck and vision.
No wonder so many people would rather idle fish than touch new coins, new chains, the risk is really not a star and a half.
The people who rushed the new project as soon as it was launched deserved it, and there was nothing to sympathize with to be honest.
Wait, this hacker has been lurking for several months before taking action? This technique is really amazing, a bit professional.
Position management is still the old saying, don't move if you can't afford to lose money, and this is the end of greed.
The possibility of recovery this time is close to 0, and the funds have already run on the chain.
DeFi still has to be cautious, there is no savior.