The Path Forward: USPD V2 and Making Our Community Whole
TL;DR — Our Recovery Plan
USPD V1 (Beta) was exploited on December 4th, 2025 via a CPIMP deployment attack—not a smart contract flaw. Here’s how we’re moving forward:
USPD V2 — Rebuilt from the Ground Up
Simplified modular architecture, DeFi-compatible yield design, and privacy by default with Railgun integration. Built on everything we learned from V1.
Recovery Tokens for Affected Holders
~230 affected holders will receive USPD Recovery Tokens proportional to their holdings at the time of the incident. These tokens will enable participation in future protocol revenue and benefits as we rebuild.
Dedicated Recovery Pool
A separate pool—distinct from the community treasury—funded from future protocol activity. Affected holders are our priority as we move forward.
Exclusive Holder Access
Wallet-gated Telegram group for affected holders: direct line to the team, first to know about developments, shape the future of the protocol.
Community Treasury
A separate treasury system governed by future token holders for protocol development, grants, and community initiatives.
Timeline: Recovery token distribution in January 2026, V2 launch targeted for Q2 2026
The CPIMP attack on December 4th, 2025 was a devastating blow. Not just to our protocol, but to the trust our community placed in us. We’ve spent the past days on forensic analysis, but also on strategic planning. Today, we’re ready to share our comprehensive plan to move forward.
This is not the end of USPD. This is the beginning of what USPD was always meant to be.
Lessons from the Field: What We Learned Running USPD V1
The months of operating USPD V1 in production taught us valuable lessons about what it takes to build a stablecoin that works in the real world of DeFi.
The Native Yield Paradox
USPD was an industry first: a stablecoin that natively yields. Your balance grows automatically—no staking, no wrapping, no claiming. We envisioned this as the future of money: a “bank account” where normies could watch their savings grow without any DeFi complexity.
The reality was more complicated.
While native yield is perfect for end users holding USPD in their wallets, it created significant friction with DeFi protocols. Uniswap, Aave, and virtually every vault or AMM tracks balances through internal ledgers. When your token balance changes without a transfer event, these protocols break or behave unexpectedly.
We were actively developing a wrapped USPD token as an overlay solution, but this added complexity and fragmented liquidity. For V2, we’re redesigning the architecture so that DeFi compatibility is built into the core system, not bolted on afterward.
Business Development & Adoption Realities
Beyond the technical lessons, we learned hard truths about go-to-market:
- Liquidity bootstrapping is harder than building the protocol itself
- DeFi integrations require tokens that play nicely with existing infrastructure
- User education around a new stablecoin model takes time and trust
- Institutional interest exists, but requires battle-tested contracts and clear regulatory positioning
These lessons—from the hack, from DeFi integration challenges, from business development—are all being poured into USPD V2.
Step 1: Recovery Tokens for Affected Holders
We’re introducing USPD Recovery Tokens as a way to include affected holders in the future of the protocol.
How It Works
- Snapshot & Distribution: We have complete snapshots of all USPD balances immediately before the exploit. Every affected holder will receive recovery tokens proportional to their USPD holdings at the time of the incident.
- Future Participation: These recovery tokens represent your connection to the protocol going forward. As USPD V2 generates revenue and grows, recovery token holders will be able to participate in protocol benefits. The specific mechanisms will be detailed as V2 development progresses.
- Dedicated Recovery Pool: A separate pool—distinct from the community treasury—will be funded from future protocol activity. This pool is dedicated to affected holders.
Why This Approach
With ~230 affected holders, this is a manageable community we can work with directly. We’re not hiding behind legal structures or abandoning our users. We’re creating a transparent mechanism that keeps affected holders connected to the protocol’s future success.
We want to see our community benefit as we rebuild.
Step 2: USPD V2 — Built Different
The exploit and our operational experience forced us to confront architectural decisions we had been wrestling with. USPD V2 isn’t just a redeployment—it’s a fundamental reimagining informed by everything we learned.
Simplified, Modular Architecture
During the development of stUSPD (our higher-yield offering that was mid-audit when the hack occurred), we identified several architectural pain points:
| Issue | Problem | V2 Solution |
|---|---|---|
| USPD Native Yield | Breaks DeFi vault integrations that track internal ledgers | DeFi-compatible yield architecture built into core |
| cUSPD Shares | Great for DeFi, but peg maintenance nightmare | Unified token design |
| stUSPD Interaction | Would reduce USPD market cap at constant TVL | Integrated yield tiers from day one |
| Stabilizer Contract | Hitting contract size limits, complex sub-contracts | Modular, upgradeable design |
| Circular Dependencies | Led to uninitialized proxy deployment | Clean dependency graph with atomic initialization |
| Deployment Complexity | As we learned, complexity = vulnerability | Simplified deployment scripts with safety checks |
We’re taking everything we learned—from the hack, from DeFi integrations, from user feedback—and building it right this time.
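The last two rows of the table can be enforced before anything is broadcast. The following is an added example, not USPD's deployment code: a pre-flight check that rejects a deployment plan containing a circular dependency or a proxy created without initializer calldata. The plan format, contract names and calldata values are hypothetical.

```javascript
// Added example: pre-flight check for a deployment plan. Names are hypothetical.
// initData is the calldata a proxy runs against its implementation inside the
// deployment transaction; "0x" means it is created uninitialized (init comes later).
function checkDeploymentPlan(plan) {
  const names = new Set(plan.map((s) => s.name));
  const findings = [];
  for (const s of plan)
    for (const d of s.needs)
      if (!names.has(d)) findings.push(`${s.name}: unknown dependency ${d}`);
  // Kahn's algorithm: repeatedly release steps whose dependencies are all deployed.
  const pending = new Map(
    plan.map((s) => [s.name, new Set(s.needs.filter((d) => names.has(d))).size]));
  const ready = plan.filter((s) => pending.get(s.name) === 0).map((s) => s.name);
  const order = [];
  while (ready.length > 0) {
    const done = ready.shift();
    order.push(done);
    for (const s of plan) {
      if (!s.needs.includes(done)) continue;
      pending.set(s.name, pending.get(s.name) - 1);
      if (pending.get(s.name) === 0) ready.push(s.name);
    }
  }
  // Whatever was never released sits in, or behind, a dependency cycle.
  const blocked = plan.map((s) => s.name).filter((n) => !order.includes(n));
  if (blocked.length > 0)
    findings.push(`circular dependency blocks: ${blocked.join(", ")}`);
  // Atomic initialization: every proxy carries init calldata at creation.
  const uninitialized = plan
    .filter((s) => s.isProxy && (!s.initData || s.initData === "0x"))
    .map((s) => s.name);
  for (const n of uninitialized)
    findings.push(`${n}: proxy created without init calldata`);
  return { ok: findings.length === 0, order, blocked, uninitialized, findings };
}

// Constructed sample plans; "0xaabbccdd" is placeholder calldata.
const cyclicPlan = [
  { name: "PriceOracle", isProxy: false, needs: [], initData: "0x" },
  { name: "TokenProxy", isProxy: true, needs: ["StabilizerProxy"], initData: "0x" },
  { name: "StabilizerProxy", isProxy: true, needs: ["TokenProxy", "PriceOracle"], initData: "0x" },
];
const atomicPlan = [
  { name: "PriceOracle", isProxy: false, needs: [], initData: "0x" },
  { name: "TokenProxy", isProxy: true, needs: ["PriceOracle"], initData: "0xaabbccdd" },
  { name: "StabilizerProxy", isProxy: true, needs: ["TokenProxy"], initData: "0xaabbccdd" },
];
console.log(checkDeploymentPlan(cyclicPlan).findings, checkDeploymentPlan(atomicPlan).ok);
```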
Privacy by Default
We’re exploring integration with privacy solutions like Railgun from day one. Financial privacy isn’t a feature—it’s a right. USPD V2 will offer sensible privacy defaults for transactions, protecting users without compromising on compliance where necessary.
Step 3: Community-First Governance
Two Separate Pools
USPD V2 will feature two distinct funding mechanisms:
- Recovery Pool: A dedicated pool funded from protocol activity, focused on affected V1 holders. This pool operates independently and is prioritized in our planning.
- Community Treasury: A separate treasury system governed by future token holders for protocol development, grants, and community initiatives.
This separation ensures clarity about how protocol resources are allocated.
Exclusive Holder Community
We’re creating a dedicated Telegram group exclusively for affected USPD holders and early V2 participants. This isn’t just another announcement channel—it’s a direct line to the team where you can:
- Ask questions and get real answers
- Provide feedback on V2 development
- Rant if you need to (we deserve it)
- Be the first to know about developments
- Shape the future of the protocol
Access will be gated by wallet signature verification—no invite links that can be shared. If you held USPD, you’re in. Period.
Timeline & Next Steps
| Phase | Timeline | Milestone |
|---|---|---|
| Phase 1 | EoY 2025 | Recovery token design finalized, snapshot verification |
| Phase 2 | EoY 2025 | Recovery token distribution to affected holders |
| Phase 3 | Early 2026 | USPD V2 architecture finalized |
| Phase 4 | Early 2026 | USPD V2 audit+launch |
| Ongoing | Post-launch | Recovery pool funded from protocol activity |
Timelines are estimates and may adjust based on audit findings and security considerations.
A Message to Our Community
We could have walked away. Many projects have, after far less devastating events.
But we believe in what we’re building. The world needs a truly decentralized, transparent, permissionless dollar—one that doesn’t rely on banks, doesn’t require trust in centralized entities, and can’t be frozen or seized.
The CPIMP attack didn’t invalidate that mission. If anything, it reinforced why decentralization matters. We were attacked not because our smart contract logic was flawed—our audits confirmed the code was sound—but because the deployment process had a vulnerability that we were not aware of, and not made aware of.
We’ve learned from the hack. We’ve learned from running USPD in production. We’ve learned from every failed integration, every user complaint, every late-night debugging session. And we’re coming back stronger.
To the ~230 holders who trusted us with your capital: We see you. We’re not abandoning you. The recovery tokens represent our commitment to keeping you connected to the protocol’s future.
To the broader community: Watch what we build next. USPD V2 will be the stablecoin we always envisioned—fully decentralized, privacy-respecting, and community-governed.
To the attacker: The whitehat offer remains open. But the clock is ticking, and our investigation continues.
Stay Connected
- Twitter/X: @USPD_io
- Discord: discord.gg/uspd
- Holder Telegram: Coming soon (wallet-gated access)
We’ll be publishing regular updates on V2 development, recovery token distribution progress, and recovery pool status. Transparency got us here, and transparency will carry us forward.
The path forward isn’t easy. But it’s clear. And we’re walking it together.
— The USPD Team