Verify a decision

{"actor":"system:backfill","investigation_id":"3effd33d-a218-4096-98b5-25c2ac2bf9d1","kind":"publish","page_slug":"us-permissionless-dollar","published_at":"2026-05-26T19:42:38.503Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"US Permissionless Dollar","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://uspd.io/","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://www.lbank.com/price/us-permissionless-dollar/what-is","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-uspd-hack-december-2025","type":"other","url":""},{"credibility":3,"name":"https://en.cryptonomist.ch/2025/12/05/uspd-stablecoin-proxy-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""},{"credibility":3,"name":"https://www.tronweekly.com/uspd-protocol-suffers-exploit-through-cpimp-at/","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/0db76-uspd-stablecoin-exploit-million","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.nethermind.io/blog/audit-of-uspds-multi-stabilizer-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-uspd-hack-december-2025","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@InfyniSec/permissionless-dollar-not-without-safeguards-e3a52dc49ecb","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://uspd.io/blog/path-forward","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/0db76-uspd-stablecoin-exploit-million","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://etherscan.io/token/0x476ef9ac6D8673E220d0E8BC0a810C2Dc6A2AA84","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/stablecoin/us-permissionless-dollar","type":"other","url":""},{"credibility":3,"name":"https://www.coinbase.com/price/us-permissionless-dollar","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@InfyniSec/permissionless-dollar-not-without-safeguards-e3a52dc49ecb","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.sec.gov/newsroom/speeches-statements/statement-stablecoins-040425","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/12/05/hackers-exploit-uspd-stablecoin-via-proxy-deployment-vulnerability/","type":"other","url":""}]}],"sources_used":[],"summary":"US Permissionless Dollar (USPD) is a decentralized, over-collateralized stablecoin protocol built on Ethereum by Permissionless Technologies, the team behind the Morpher trading platform. In December 2025, the protocol suffered a critical exploit via a clandestine proxy deployment attack — later dubbed CPIMP — that had silently compromised admin privileges since September 2025, resulting in approximately $1 million in losses. The project has undergone audits by Nethermind and Resonance Security but the exploit bypassed audited code by targeting the deployment layer, raising unresolved questions about operational security and the viability of the planned V2 relaunch.","timeline":[{"date":"2024-01-01","event":"Martin Froehler, founder of Morpher, establishes USPD.io / Permissionless Technologies and begins building USPD stablecoin protocol.","source":""},{"date":"2025-09-03","event":"Nethermind Security completes a two-week audit of USPD's Multi-Stabilizer Protocol, identifying 3 critical, 3 high, and 2 medium severity issues; team claims all were remediated.","source":""},{"date":"2025-09-16","event":"USPD deploys proxy contracts to Ethereum mainnet. Attacker front-runs initialization using a Multicall3 transaction, seizing admin privileges via CPIMP attack vector — undetected at time of deployment.","source":""},{"date":"2025-12-04","event":"Attacker activates hidden admin access, minting approximately 98 million USPD tokens without authorization and draining approximately 232-237 stETH from protocol reserves. Estimated loss: ~$1 million.","source":""},{"date":"2025-12-04","event":"Stolen USPD and stETH liquidated for approximately $300,000 USDC via Curve DEX. USPD team publicly discloses exploit, urges users to revoke approvals and avoid purchasing USPD.","source":""},{"date":"2025-12-05","event":"Multiple crypto news outlets including Cryptopolitan, CryptoTimes, Tron Weekly, and Halborn publish exploit analysis. USPD offers attacker 10% whitehat bounty to return 90% of stolen funds.","source":""},{"date":"2025-12-31","event":"USPD publishes 'Path Forward' blog announcing Recovery Token program for ~230 affected holders and targeting V2 relaunch for Q2 2026.","source":""},{"date":"2026-05-26","event":"As of investigation date, USPD V2 has not been independently verified as launched. Token shows 112 holders and near-zero on-chain activity. V1 contract remains effectively inactive.","source":""}]},"v":1}