USPD Suffers $1 Million Loss in Protocol Exploit Involving Token Minting

According to USPD’s official statement, its V1 protocol suffered a CPIMP deployment attack in Dec. 2025, prompting compensation measures and a privacy-focused V2 launch in mid-2026.

103d ago

Summary

USPD confirmed via official statement that its V1 protocol experienced a CPIMP deployment attack on Dec. 4, 2025, with no smart contract vulnerabilities involved. Around 230 affected users will be compensated in Jan. 2026 with redeemable Claim Tokens at a 1:1 rate, backed by a dedicated pool. The protocol plans to introduce USPD V2 in Q2 2026, featuring a modular architecture and Railgun-based privacy enhancements.

Terms & Concepts

stETH (staked Ether): A token representing Ether locked in Ethereum's staking process to earn rewards.
CPIMP: An exploit method involving covert privilege escalation to gain hidden administrative control over a protocol.
Railgun privacy: A blockchain privacy protocol enabling shielded transactions and confidential data handling through zero-knowledge proofs.