According to BlockBeats news, on December 5th, the decentralized stablecoin protocol USPD tweeted that it encountered a serious security vulnerability. Attackers used the 'CPIMP (Proxy Middleman Concealed Proxy)' attack method to seize the administrator rights of the proxy contract during the deployment phase, disguised as an audited version and lay in wait for months before launching the attack, minting approximately 98 million USPD and stealing about 232 stETH.
The USPD team stated that this incident is not a logical flaw in the smart contract, has reported the relevant addresses to major CEX to freeze funds, and indicated that if the attacker returns 90% of the stolen assets, they may keep 10% as a bug bounty.