TechFlow news, on December 5, according to CertiK Alert monitoring, the USPD contract was attacked, resulting in losses of approximately $1 million. The attacker carried out the attack by manipulating stored data, with the entire attack process lasting two months.
Analysis shows the attack occurred in two stages: On September 16, the attacker preemptively executed a legitimate initialization transaction, adding a malicious intermediary proxy to the USPD stabilizer; on September 17, the attacker granted privileged roles to their contract via the malicious proxy and exploited these privileges to launch the attack 78 days later.
Previous report, the USPD protocol suffered a sophisticated attack, losing about 232 stETH, with the attacker minting 98 million USPD tokens.
