← US Permissionless Dollar1 decision on this page

Audit log

Every state-changing event for US Permissionless Dollar: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-26 19:42:38Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,349,699
sig
52Tjpwm31p42…38JG2mdqexplorer ↗
hash
65K16uqr6mXb…Gu67ZaUjsha256 → base58
verifying row…full verify ↗
canonical bytes (5927 B) ▸
{"actor":"system:backfill","investigation_id":"3effd33d-a218-4096-98b5-25c2ac2bf9d1","kind":"publish","page_slug":"us-permissionless-dollar","published_at":"2026-05-26T19:42:38.503Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"US Permissionless Dollar","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://uspd.io/","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://www.lbank.com/price/us-permissionless-dollar/what-is","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-uspd-hack-december-2025","type":"other","url":""},{"credibility":3,"name":"https://en.cryptonomist.ch/2025/12/05/uspd-stablecoin-proxy-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""},{"credibility":3,"name":"https://www.tronweekly.com/uspd-protocol-suffers-exploit-through-cpimp-at/","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/0db76-uspd-stablecoin-exploit-million","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.nethermind.io/blog/audit-of-uspds-multi-stabilizer-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-uspd-hack-december-2025","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@InfyniSec/permissionless-dollar-not-without-safeguards-e3a52dc49ecb","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://uspd.io/blog/path-forward","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/0db76-uspd-stablecoin-exploit-million","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/stablecoin/us-permissionless-dollar","type":"other","url":""},{"credibility":3,"name":"https://www.coinbase.com/price/us-permissionless-dollar","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@InfyniSec/permissionless-dollar-not-without-safeguards-e3a52dc49ecb","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.sec.gov/newsroom/speeches-statements/statement-stablecoins-040425","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""}]}],"sources_used":[],"summary":"US Permissionless Dollar (USPD) is a decentralized, over-collateralized stablecoin protocol built on Ethereum by Permissionless Technologies, the team behind the Morpher trading platform. In December 2025, the protocol suffered a critical exploit via a clandestine proxy deployment attack — later dubbed CPIMP — that had silently compromised admin privileges since September 2025, resulting in approximately $1 million in losses. The project has undergone audits by Nethermind and Resonance Security but the exploit bypassed audited code by targeting the deployment layer, raising unresolved questions about operational security and the viability of the planned V2 relaunch.","timeline":[{"date":"2024-01-01","event":"Martin Froehler, founder of Morpher, establishes USPD.io / Permissionless Technologies and begins building USPD stablecoin protocol.","source":""},{"date":"2025-09-03","event":"Nethermind Security completes a two-week audit of USPD's Multi-Stabilizer Protocol, identifying 3 critical, 3 high, and 2 medium severity issues; team claims all were remediated.","source":""},{"date":"2025-09-16","event":"USPD deploys proxy contracts to Ethereum mainnet. Attacker front-runs initialization using a Multicall3 transaction, seizing admin privileges via CPIMP attack vector — undetected at time of deployment.","source":""},{"date":"2025-12-04","event":"Attacker activates hidden admin access, minting approximately 98 million USPD tokens without authorization and draining approximately 232-237 stETH from protocol reserves. Estimated loss: ~$1 million.","source":""},{"date":"2025-12-04","event":"Stolen USPD and stETH liquidated for approximately $300,000 USDC via Curve DEX. USPD team publicly discloses exploit, urges users to revoke approvals and avoid purchasing USPD.","source":""},{"date":"2025-12-05","event":"Multiple crypto news outlets including Cryptopolitan, CryptoTimes, Tron Weekly, and Halborn publish exploit analysis. USPD offers attacker 10% whitehat bounty to return 90% of stolen funds.","source":""},{"date":"2025-12-31","event":"USPD publishes 'Path Forward' blog announcing Recovery Token program for ~230 affected holders and targeting V2 relaunch for Q2 2026.","source":""},{"date":"2026-05-26","event":"As of investigation date, USPD V2 has not been independently verified as launched. Token shows 112 holders and near-zero on-chain activity. V1 contract remains effectively inactive.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 1e4ed11c-3343-45ef-a2e7-ee83468c7483

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.