In a significant security breach, the USPD protocol has confirmed that it fell victim to a sophisticated CPIMP attack, leading to the unauthorized minting of millions of tokens. According to the official information, this incident raises concerns about the vulnerabilities in decentralized finance protocols and the potential for exploitation.
Details of the Attack
The attack allowed the perpetrator to gain admin rights during the deployment phase, after which they waited several months before executing the exploit. This resulted in the minting of 98 million USPD tokens and the theft of 232 stETH, a substantial loss for the protocol and its users.
Response from USPD
USPD has clarified that the core smart contract logic was not compromised, indicating that the breach was due to external manipulation rather than flaws in their code. In response to the incident, the team has reported the involved addresses to various exchanges in an effort to mitigate the damage.
Proposed Deal with the Attacker
In a surprising move, the USPD team has offered the attacker a deal, proposing a 90% return-for-bounty arrangement in hopes of recovering some of the stolen assets. This approach highlights the challenges faced by protocols in dealing with security breaches and the complexities of negotiating with malicious actors.
In light of the recent security breach affecting the USPD protocol, users are reminded of the importance of compliance with tax regulations as the Canada Revenue Agency intensifies its investigation into cryptocurrency transactions. For more information, see details here.
