In December 2025, USPD, a stablecoin pegged to the US dollar, suffered a hack with losses of over $1 million. The attack exploited the deployment process for the protocol’s smart contracts, giving the attacker control of the real smart contract from the time it was deployed in September 2025.
Inside the Attack
The USPD hack involved a front-running attack against the protocol’s deployment process. In the midst of the deployment, the attacker performed a Multicall3 transaction that claimed an administrator role before the protocol’s deployment script could do so. They then deployed a proxy contract that forwarded any interactions with the smart contract to the legitimate, audited code. However, the presence of this proxy provided the attacker with control over these transactions and the ability to implement malicious functionality.
To cover their tracks, the attacker employed a combination of event payload manipulation and storage slot spoofing. As a result, block explorers like Etherscan would show the legitimate contract code as the implementation, rather than the attacker’s malicious proxy contract.
After taking over the project and deploying their malicious proxy, the attacker bided their time for a few months as the USPD contract grew in value. Then, in December 2025, they exploited their admin access to perform an unauthorized mint of about 98 million USPD and drain about 232 stETH worth about $1 million from the protocol.
After discovering the hack, USPD launched an investigation and offered a whitehat bounty of 10% for the return of the funds. It also developed a compensation plan that involves relaunching the protocol and allowing legitimate token holders to redeem their tokens at a 1:1 ratio.
Lessons Learned from the Attack
The USPD incident demonstrates the importance of secure deployment processes and procedures, in addition to smart contract code audits and infrastructure security. In this case, the smart contract deployed by the USPD project was audited and contained no vulnerabilities exploited by the attacker. Instead, the attacker performed a carefully timed, sophisticated front-running attack designed to take control of the stablecoin smart contract without revealing this fact to the project or its users.
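A deployment script can refuse to continue unless the on-chain state matches the deployment plan, which is the kind of check that surfaces a takeover like the one described above. The following is an added example, not code from USPD or from the original article: it assumes an EIP-1967-style proxy and a snapshot of facts the script has already read from a node (storage slots, role membership, the initializing transaction, and a call trace), and all addresses, field names, and sample data are constructed.

```python
# Added example: fail-closed post-deployment check. Addresses, field names and the
# snapshot layout are constructed; an EIP-1967 proxy layout is assumed.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"

def addr(word):
    """Address held in the low 20 bytes of a 32-byte hex storage word."""
    return "0x" + word[-40:].lower()

def to_word(address):
    """Left-pad an address to a 32-byte storage word (used for sample data)."""
    return "0x" + address[2:].rjust(64, "0")

def verify_deployment(snap, plan):
    """Compare on-chain facts with the deployment plan. Returns findings;
    the deploy script should stop unless the list is empty."""
    findings = []
    if addr(snap["storage"][ADMIN_SLOT]) != plan["admin"]:
        findings.append("proxy admin slot does not hold the planned admin")
    if addr(snap["storage"][IMPL_SLOT]) != plan["implementation"]:
        findings.append("implementation slot does not hold the audited code")
    # Role membership is read from contract state, not inferred from event logs.
    extra = sorted(set(snap["role_admins"]) - set(plan["role_admins"]))
    if extra:
        findings.append("unexpected admin role holders: " + ", ".join(extra))
    # Initialization must come from the deployer, in the creating transaction.
    if snap["init_tx"]["from"] != plan["deployer"]:
        findings.append("initialized by an account other than the deployer")
    if snap["init_tx"]["hash"] != snap["create_tx"]:
        findings.append("initialization was a separate transaction from creation")
    # Slots and events can be made to look right; a call trace shows where
    # execution is actually delegated.
    rogue = sorted(set(snap["traced_delegate_targets"]) - {plan["implementation"]})
    if rogue:
        findings.append("calls are delegated to unplanned code: " + ", ".join(rogue))
    return findings

# Constructed sample data.
DEPLOYER, ADMIN, IMPL, INTRUDER, SHIM = ("0x" + c * 40 for c in "123ab")
PLAN = {"deployer": DEPLOYER, "admin": ADMIN, "implementation": IMPL,
        "role_admins": [ADMIN]}
CLEAN = {"storage": {ADMIN_SLOT: to_word(ADMIN), IMPL_SLOT: to_word(IMPL)},
         "role_admins": [ADMIN], "init_tx": {"from": DEPLOYER, "hash": "0xaa"},
         "create_tx": "0xaa", "traced_delegate_targets": [IMPL]}
# Front-run case: the slots still look right, the other facts do not.
FRONT_RUN = dict(CLEAN, role_admins=[INTRUDER],
                 init_tx={"from": INTRUDER, "hash": "0xbb"},
                 traced_delegate_targets=[SHIM, IMPL])
```

Calling `verify_deployment(FRONT_RUN, PLAN)` returns four findings even though both proxy slots hold the planned values, which is why the check does not rely on slots or events alone.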
When deploying new smart contracts on-chain, it’s essential to implement deployment processes with countermeasures against this type of attack. Halborn’s advisory services go beyond smart contract audits to offer support at every stage of the smart contract lifecycle, including best practices for secure deployment. To learn more about securing your project against attack, get in touch.
