$43 000 USD

MAY 2025

GLOBAL

USUAL MONEY

DESCRIPTION OF EVENTS

Usual Money is a decentralized protocol aiming to disrupt the traditional stablecoin and banking model by redistributing value back to its community. Unlike conventional stablecoin issuers that centralize profits, Usual gives users ownership through its governance token, $USUAL, which shares in the protocol's revenue and decision-making.

 

At the heart of Usual are its core products: USD0, a fully collateralized stablecoin backed by short-term U.S. Treasury Bills; USD0++, a liquid staking version offering yield with a 4-year lock-up; and $USUAL, the revenue-based governance token. The protocol currently holds over $12.25M in TVL, generates $630M+ in yearly protocol revenue, and offers up to 97% APY to $USUAL stakers.

 

Usual emphasizes security and decentralization, partnering with top audit firms like Spearbit, Halborn, and Sherlock. It integrates across leading DeFi platforms and operates transparently, backed by real-world assets and an insurance fund. Ultimately, Usual is building a user-owned financial ecosystem that blends the safety of traditional finance with the openness and innovation of DeFi.

 

Unfortunately, a vulnerability in the Usual Money protocol arose because its Vault system allowed USD0++ and USD0 tokens to be swapped internally at a fixed 1:1 rate, despite these tokens having different market prices on external decentralized exchanges. This price discrepancy created an exploit opportunity where users could profit by exchanging tokens within the protocol at an unfairly fixed rate compared to their true market values.

 

On May 27th, a user exploited a situational vulnerability in the USD0++ deposit path of the usUSDS++ Vault, a beta product built on Sky Protocol. This vault enables users to earn stacked yields from both Sky’s sUSDS stablecoin and Usual’s rewards by depositing USD0++.

 

The exploit centered on the unwrapping process, where USD0++ is converted to USD0 during deposits. By manipulating the vault’s capped and limited conversion mechanism, the attacker was able to execute an arbitrage strategy and extract approximately $42,800 in profit.

 

On Twitter/X, Usual Money reported the incident as "an $43k arbitration exploit". The "Sky Vault Arbitrage Recap" reports the profit from the exploit as "~$42.8K via arbitrage".

 

The exploit was arbitrage-based, not a traditional hack, meaning the attacker leveraged a design oversight rather than breaching the system or stealing from users. The loss was absorbed at the protocol or vault level, not by individuals.

 

Thanks to the vault’s capped architecture and automated monitoring systems, the exploit was quickly contained. The vault paused automatically to prevent further abuse, and no core contracts or user funds were affected. The incident highlighted the effectiveness of the system’s safeguards in isolating and limiting the impact of such vulnerabilities.
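The mechanism described above can be modelled in a few lines. The following Python sketch is an added example, not code from Usual or from this write-up; the class name, cap, tolerance and the 0.92 market price are constructed assumptions. It shows that a par-rate unwrap path gives away the discount to par on every deposit, that a cap bounds the total, and how a price-deviation guard pauses the path instead.

```python
# Added illustration; every number below is constructed, not taken from the incident.
from dataclasses import dataclass
from typing import Optional

PAR = 1.0  # internal USD0++ -> USD0 rate described on the page (fixed 1:1)

class DepositRejected(Exception):
    pass

@dataclass
class ParUnwrapVault:
    """Toy model of a deposit path that unwraps USD0++ to USD0 at par."""
    unwrap_cap: float                      # hypothetical cap on total USD0++ unwrapped
    max_deviation: Optional[float] = None  # None = no price guard (the flawed design)
    unwrapped: float = 0.0
    subsidy: float = 0.0                   # value given away by ignoring market price
    paused: bool = False

    def deposit(self, usd0pp: float, market_price: float) -> float:
        """Credit a USD0++ deposit and return the USD0 value credited."""
        if self.paused:
            raise DepositRejected("vault paused")
        if self.max_deviation is not None and PAR - market_price > self.max_deviation:
            self.paused = True  # circuit breaker: stop instead of subsidising
            raise DepositRejected("market price below par tolerance")
        if usd0pp > self.unwrap_cap - self.unwrapped:
            raise DepositRejected("unwrap cap reached")
        self.unwrapped += usd0pp
        credited = usd0pp * PAR
        self.subsidy += credited - usd0pp * market_price
        return credited

def worst_case_subsidy(cap: float, market_price: float) -> float:
    """Upper bound on loss for a par-rate path: cap times the discount to par."""
    return cap * max(PAR - market_price, 0.0)

def run_demo():
    price = 0.92  # constructed secondary-market price of USD0++ in USD0
    flawed = ParUnwrapVault(unwrap_cap=500_000)
    for _ in range(5):
        flawed.deposit(100_000, price)
    guarded = ParUnwrapVault(unwrap_cap=500_000, max_deviation=0.005)
    try:
        guarded.deposit(100_000, price)
    except DepositRejected:
        pass
    return flawed.subsidy, guarded.subsidy, guarded.paused
```

In this model the unguarded path loses exactly the cap multiplied by the discount to par, which is why a small cap on a beta vault keeps the loss small even when the pricing assumption is wrong.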

 

The exploit was a targeted arbitrage opportunity within a limited mechanism, effectively mitigated by the protocol’s safeguards, demonstrating the resilience of its vault architecture. The outcome of the USDS Vault exploit was relatively contained and had no impact on user funds or the broader Usual protocol.

 


The affected USDS Sync Vault remains paused, though Usual has said it will be re-enabled soon. Before reactivation, the team may update contract logic, improve caps/guards, or add new protections to prevent similar arbitrage attacks.

 

Usual is likely conducting internal audits and architecture reviews across other vaults to ensure no similar edge cases exist elsewhere. Adjustments to deposit routing logic and unwrap mechanics could be in progress.

 

Usual is maintaining public updates via Twitter/X and its documentation.

 

Explore This Case Further On Our Wiki

Usual Money is a decentralized protocol redefining stablecoins by giving users ownership and revenue-sharing through its $USUAL governance token. Its core products include USD0, a fully collateralized stablecoin backed by U.S. Treasury Bills, and USD0++, a liquid staking version offering yield. On May 27th, a user exploited a design edge case in the USD0++ deposit process of the usUSDS++ Vault, profiting about $42,800 via arbitrage due to a fixed 1:1 token swap rate that didn’t reflect market prices. Thanks to built-in caps and monitoring, the exploit was contained quickly with no user funds lost. The affected vault remains paused but is expected to reopen after updates and ongoing security reviews, with Usual providing transparent communication throughout.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.