Advertise
- Rizwan Ansari
Rizwan Ansari
- Reviewed by:
Sohrab KhawasSohrab is a passionate cryptocurrency news writer with over five years of experience covering the industry. He keeps a keen interest in blockchain technology and its potential to revolutionize finance. Whether he's trading or writing, Sohrab always keeps his finger on the pulse of the crypto world, using his expertise to deliver informative and engaging articles that educate and inspire. When he's not analyzing the markets, Sohrab indulges in his hobbies of graphic design, minimal design or listening to his favorite hip-hop tunes.
- Dec 05, 2025 10:31 UTC
-
DeFi Protocol USPD Loses $1 Million in “CPIMP” Attack
Hacker secretly took admin control during deployment, later draining nearly $1 million from USPD.
Attack used hidden “CPIMP” method, fooling tools like Etherscan with fake contract displays.
USPD offers attacker 10% bounty if they return 90% of stolen assets today.
A decentralized finance platform called USPD has fallen victim to a complex security breach that resulted in approximately $1 million being stolen from its protocol. What first looked like a normal system setup months ago was actually a hidden trap waiting to strike.
In the meantime, USPD is offering a 10% bounty if the attacker returns 90% of the stolen funds.
How the USPD Attack Happened?
According to blockchain security firm PeckShieldAlert, the attacker planted the trap all the way back on September 16, while the project was still being deployed. They used a clever technique during the proxy setup phase, gaining admin rights before USPD’s own deployment script could finish.
Meanwhile, this type of exploit is now being called a “CPIMP” attack, short for Clandestine Proxy In the Middle of Proxy.
What made this attack particularly sneaky was how well it was hidden. The hacker installed what security experts describe as a “shadow” implementation that cleverly forwarded everything to USPD’s properly audited contract.
By manipulating event data and storage information, they tricked blockchain explorer Etherscan into showing the legitimate, audited code, even though they had secretly planted their malicious version underneath.
Attack Finally Strikes, Losing $1 Million
After months of lying dormant and undetected, the attacker finally struck. They upgraded the proxy contract, minted around 98 million USPD tokens out of thin air, and withdrew approximately 232 stETH tokens before draining nearly $1 million in liquidity
The attacker operated through two addresses, now labeled “Infector” address (0x7C9…19d83 and the other was “Drainer” address (0x0883…3215A).
10% Bounty For The Attacker
The USPD team is working with law enforcement and white-hat researchers to track the stolen funds. They have asked all users to revoke approvals to stay safe.
They also said they are open to treating the hack as a “white-hat rescue” if the attacker comes forward.
To encourage this, USPD is offering a 10% bounty if the attacker returns 90% of the stolen assets.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
The USPD protocol lost about $1M after an attacker exploited a hidden proxy setup planted months earlier.
The hacker used a “CPIMP” attack, secretly inserting a proxy that bypassed audits to mint tokens and drain liquidity.
USPD offers a 10% bounty if the attacker returns 90% of stolen assets, working with law enforcement and white-hat researchers.
Users should immediately revoke all approvals to prevent further unauthorized access to their funds.
A CPIMP (Clandestine Proxy In the Middle of Proxy) attack hides malicious code in a proxy, tricking audits and explorers like Etherscan.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Yes 
No 
