Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
According to monitoring by SlowMist, Usual Protocol suffered a sophisticated arbitrage attack. The attacker exploited a price discrepancy between the protocol’s internal mechanisms and external markets. The core issue lay in the Vault system, which allowed a fixed 1:1 exchange between USD0++ and USD0—despite the two tokens trading at different prices on decentralized exchanges. The attacker strategically created a custom liquidity pool and manipulated the transaction path to trick the Vault into releasing USD0 tokens without receiving the expected sUSDS collateral. These USD0 tokens were then sold on external markets at prices higher than the internal rate, allowing the attacker to profit through arbitrage. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 42,800.
- chain
- —
- protocol
- Usual Protocol
- bug_class
- logic
- date_occurred
- 2025-05-27
- loss_usd
- $42,800
- source_id
- sm:usual-protocol::2025-05-27