A few hours ago, the USPD team confirmed an attack that resulted in unauthorized token creation and liquidity loss on the platform.
According to the details, the breach did not come from mistakes in the protocol’s smart contract design. Instead, it was caused by an unusual and extremely sophisticated method known as the Clandestine Proxy In the Middle of Proxy (CPIMP) exploit. A complex concept? Let me break it down.
Before USPD launched, the system went through extensive security reviews performed by two respected auditing companies, Nethermind and Resonance. During the audits, every part of the platform was tested, checked, and verified. At launch, the architecture followed typical industry-level safety practices, and all units of the codebase passed their evaluations.
However, despite the processes that were put in place, the attacker managed to infiltrate the deployment process on the 16th of September. During the rollout, the attacker executed a carefully timed front-run using a Multicall3 transaction.
This step let them gain control over the proxy administrator role before the deployment script reached the step meant to finalize ownership. Once in control, the attacker inserted a different implementation behind the proxy.
With this setup, every request was forwarded to the original, verified contract, so nothing looked suspicious from the outside (i.e., from the USPD team’s side or the users’ side). The attacker also manipulated event data and changed storage slots in a way that made Etherscan display the correct, audited contract as the active implementation.
Looking at this, we can clearly see that the hackers carried out every step silently and precisely, in a way that was nearly impossible to detect in real time.
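A check a deployment script can run right after rollout, as an added example that is not USPD's code: it reads the proxy's admin and implementation slots directly and compares the implementation's bytecode with the audited build, rather than relying on what an explorer displays. It assumes an EIP-1967 proxy; `get_storage` and `get_code` are hypothetical stand-ins for the `eth_getStorageAt` and `eth_getCode` RPC calls, and every address and bytecode value is constructed.

```python
# Slots fixed by EIP-1967 (keccak256 of the label, minus 1).
IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103

def slot_address(word: bytes) -> str:
    """An address occupies the low 20 bytes of a 32-byte storage word."""
    if len(word) != 32:
        raise ValueError("storage word must be 32 bytes")
    return "0x" + word[-20:].hex()

def verify_proxy(get_storage, get_code, proxy, want_admin, want_impl, audited_code):
    """Return findings; an empty list means the proxy matches what was deployed.

    get_storage(addr, slot) and get_code(addr) are hypothetical callables that
    stand in for the eth_getStorageAt and eth_getCode JSON-RPC methods.
    """
    impl = slot_address(get_storage(proxy, IMPL_SLOT))
    admin = slot_address(get_storage(proxy, ADMIN_SLOT))
    findings = []
    if admin != want_admin.lower():
        findings.append(f"admin slot holds {admin}, expected {want_admin}")
    if impl != want_impl.lower():
        findings.append(f"implementation slot holds {impl}, expected {want_impl}")
    if get_code(impl) != audited_code:
        findings.append(f"code at {impl} differs from the audited bytecode")
    return findings

# Constructed sample state: not real addresses or bytecode.
PROXY, ADMIN, IMPL = ("0x" + c * 40 for c in "abc")
INTRUDER, SHIM = ("0x" + c * 40 for c in "ef")
AUDITED = bytes.fromhex("6080604052")  # placeholder for the audited build
CODE = {IMPL: AUDITED, SHIM: bytes.fromhex("363d3d37")}  # placeholder unaudited code

def word(addr: str) -> bytes:
    """Left-pad a 20-byte address to a 32-byte storage word."""
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")

def chain(admin, impl):
    """Build in-memory readers for a proxy whose slots hold admin and impl."""
    storage = {(PROXY, ADMIN_SLOT): word(admin), (PROXY, IMPL_SLOT): word(impl)}
    return (lambda a, s: storage.get((a, s), bytes(32))), (lambda a: CODE.get(a, b""))

def check(admin, impl):
    return verify_proxy(*chain(admin, impl), PROXY, ADMIN, IMPL, AUDITED)

if __name__ == "__main__":
    print("clean:   ", check(ADMIN, IMPL))
    print("hijacked:", check(INTRUDER, SHIM))
```

Running the check as the last step of the deployment script, and again on a schedule afterwards, turns a change of admin or implementation into a failed step instead of something noticed only through an explorer page.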
The USPD team, for its part, has shared that it is working in partnership with law enforcement agencies and cybersecurity experts to make sure that the hackers are exposed. The attacker’s wallets have also been reported to major centralized and decentralized exchanges to block the movement of the stolen assets.

