Usual Money USDS Sync Vault Pricing Arbitrage Exploit
Usual Money is a decentralized protocol redefining stablecoins by giving users ownership and revenue-sharing through its $USUAL governance token. Its core products include USD0, a fully collateralized stablecoin backed by U.S. Treasury Bills, and USD0++, a liquid staking version offering yield. On May 27th, a user exploited a design edge case in the USD0++ deposit process of the usUSDS++ Vault, profiting about $42,800 via arbitrage due to a fixed 1:1 token swap rate that didn’t reflect market prices. Thanks to built-in caps and monitoring, the exploit was contained quickly with no user funds lost. The affected vault remains paused but is expected to reopen after updates and ongoing security reviews, with Usual providing transparent communication throughout.[1][2][3][4][5][6][7]
About Usual Money
Usual Money is a decentralized protocol aiming to disrupt the traditional stablecoin and banking model by redistributing value back to its community. Unlike conventional stablecoin issuers that centralize profits, Usual gives users ownership through its governance token, $USUAL, which shares in the protocol's revenue and decision-making.
At the heart of Usual are its core products: USD0, a fully collateralized stablecoin backed by short-term U.S. Treasury Bills; USD0++, a liquid staking version offering yield with a 4-year lock-up; and $USUAL, the revenue-based governance token. The protocol currently holds over $12.25M in TVL, generates $630M+ in yearly protocol revenue, and offers up to 97% APY to $USUAL stakers.
Usual emphasizes security and decentralization, partnering with top audit firms like Spearbit, Halborn, and Sherlock. It integrates across leading DeFi platforms and operates transparently, backed by real-world assets and an insurance fund. Ultimately, Usual is building a user-owned financial ecosystem that blends the safety of traditional finance with the openness and innovation of DeFi.
About USDS Sync Vault
The USDS Vault is part of the broader Usual Vaults system, designed to enhance the utility and yield potential of USD0++, a yield-bearing version of Usual’s stablecoin. Instead of needing to convert or move assets to other platforms for returns, users can deposit USD0++ directly into curated Vaults that integrate with external DeFi strategies, enabling both passive USUAL rewards and additional yield from underlying investments. This design helps retain liquidity within the Usual ecosystem and strengthens demand for USD0++.
The Vault system operates through an epoch-based process. When users deposit, their USD0++ is unwrapped into USD0 and placed into a secure silo. A curator—responsible for managing strategy selection and fair pricing—then settles the deposits and mints Vault shares based on current asset valuations. Withdrawals follow a similar phased approach, with assets and accrued yield returned as USD0++.
Vaults offer dual income streams: (1) standard USUAL token rewards tied to USD0++ staking, and (2) strategy-based yields from investments like sUSDe or stUSR. Yields above a set benchmark (e.g., 4% APR) are shared between users and the DAO after applying a performance fee (typically 20%). For instance, if the strategy yields 9% and the USD0++ APR is 15%, a user could earn an additional 4% on top of their base rewards.
However, Vault participation comes with increased risks, including smart contract vulnerabilities, market exposure from DeFi strategies, and potential counterparty failures on platforms integrated with the strategies. Users are encouraged to weigh these risks against the potential for higher returns when engaging with the USDS Vault or any Usual Vault strategy.
Although still in beta, the affected vault underwent several security audits to ensure its robustness prior to launch. These included reviews by Spearbit in January and April 2025, and Halborn in January 2025—both of which focused on the architecture and routing logic of the USD0++ Vault. Additionally, a security competition was hosted on Cantina in March 2025 to further test the system under real-world scrutiny.
These layered audits were aimed at identifying potential vulnerabilities and strengthening the protocol’s defenses. The exploit that occurred did not stem from flawed contract logic, but rather from a behavioral edge case that was difficult to predict in advance.
Thanks to built-in safeguards such as conversion caps and automated guards, the system was able to limit the exploit’s scope and prevent broader impact. These measures proved essential in protecting user funds and ensuring the protocol's stability during the incident.
The Reality
Unfortunately, a vulnerability in the Usual Money protocol arose because its Vault system allowed USD0++ and USD0 tokens to be swapped internally at a fixed 1:1 rate, despite these tokens having different market prices on external decentralized exchanges. This price discrepancy created an exploit opportunity where users could profit by exchanging tokens within the protocol at an unfairly fixed rate compared to their true market values.
What Happened
An attacker exploited a capped unwrap mechanism in the USDS Sync Vault's deposit path to execute an arbitrage strategy, profiting around $42,800 without affecting user funds.
| Date | Event | Description |
|---|---|---|
| May 27th, 2025 12:31:59 PM MDT | Time Of Exploit | The reported time of the exploit. |
| May 28th, 2025 12:37:00 AM MDT | Usual Money Posts Update | Usual Money posts on Twitter/X to inform the community transparently of the event. Usual Money reported that on May 27th, one of its USD0++ investment vaults was exploited for $43,000 through an arbitrage attack involving a capped unwrapping mechanism from USD0++ to USD0 during fund deposits. They confirmed that no user funds were impacted, no money was lost, and the core protocol remains active. The affected vault will be re-enabled shortly. |
| May 28th, 2025 1:26:00 AM MDT | SlowMist Posts Tweet | SlowMist posts a tweet about the situation. |
| May 28th, 2025 5:24:00 AM MDT | Clarification On Which Vault | Usual Money posts on Twitter/X to clarify that the affected vault was the USDS Sync Vault, not the Lagoon Vaults as some have mistakenly reported. They emphasized that all funds are SAFU and confirmed that a full post-mortem will be released soon. |
| May 28th, 2025 7:37:00 AM MDT | Full Analysis Tweet Published | Usual Money posts a tweet announcing its article, written to "break down what happened and how Usual's built-in safeguards kicked in exactly as designed". |
Technical Details
On May 27th, a user exploited a situational vulnerability in the USD0++ deposit path of the usUSDS++ Vault, a beta product built on Sky Protocol. This vault enables users to earn stacked yields from both Sky’s sUSDS stablecoin and Usual’s rewards by depositing USD0++.
The exploit centered on the unwrapping process, where USD0++ is converted to USD0 during deposits. By manipulating the vault’s capped and limited conversion mechanism, the attacker was able to execute an arbitrage strategy and extract approximately $42,800 in profit.
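The interaction between the fixed 1:1 rate and the conversion cap can be modeled in a few lines. This is an added example, not Usual's contract code: the class and function names, the 250,000 cap, the 0.92 market price (assumed here to be below the internal rate) and the 0.5% deviation guard are all constructed for illustration. It shows that the cap bounds the leak without removing it, while a market-price check refuses the mispriced conversion.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


class PriceDeviation(Exception):
    """Internal conversion rate is too far from the market price."""


@dataclass
class UnwrapPath:
    """Toy model of a capped USD0++ -> USD0 unwrap on deposit (constructed values)."""
    cap_remaining: Decimal                   # USD0 the path may still release
    internal_rate: Decimal = Decimal("1")    # fixed 1:1 rate described on the page
    max_deviation: Optional[Decimal] = None  # None = no market check (weak setting)

    def unwrap(self, amount_in: Decimal, market_price: Decimal):
        """Return (USD0++ consumed, USD0 released); market_price is USD0 per USD0++."""
        if amount_in <= 0 or market_price <= 0:
            raise ValueError("amount and price must be positive")
        if self.max_deviation is not None:
            deviation = abs(self.internal_rate - market_price) / market_price
            if deviation > self.max_deviation:
                raise PriceDeviation(f"rate is {deviation:.2%} off market")
        released = min(amount_in * self.internal_rate, self.cap_remaining)
        self.cap_remaining -= released
        return released / self.internal_rate, released


def worst_case_leak(cap: Decimal, rate: Decimal, market_price: Decimal) -> Decimal:
    """Upper bound on value leaked: per-unit overpayment times the capped volume."""
    return max(Decimal(0), rate - market_price) * cap / rate


def leak_for(max_deviation: Optional[Decimal], market_price: Decimal) -> Decimal:
    """Value leaked by one oversized deposit against a 250,000 USD0 cap (constructed)."""
    path = UnwrapPath(cap_remaining=Decimal("250000"), max_deviation=max_deviation)
    try:
        consumed, released = path.unwrap(Decimal("1000000"), market_price)
    except PriceDeviation:
        return Decimal(0)  # guard refused the conversion
    return released - consumed * market_price


if __name__ == "__main__":
    price = Decimal("0.92")  # constructed market price, not incident data
    print("no guard:  ", leak_for(None, price))
    print("0.5% guard:", leak_for(Decimal("0.005"), price))
    print("cap bound: ", worst_case_leak(Decimal("250000"), Decimal("1"), price))
```
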
Total Amount Lost
On Twitter/X, Usual Money reported the incident as "an $43k arbitration exploit". The "Sky Vault Arbitrage Recap" reports the profit from the exploit as "~$42.8K via arbitrage".
The exploit was arbitrage-based, not a traditional hack, meaning the attacker leveraged a design oversight rather than breaching the system or stealing from users. The loss was absorbed at the protocol or vault level, not by individuals.
The total amount lost has been estimated at $43,000 USD.
Immediate Reactions
Thanks to the vault’s capped architecture and automated monitoring systems, the exploit was quickly contained. The vault paused automatically to prevent further abuse, and no core contracts or user funds were affected. The incident highlighted the effectiveness of the system’s safeguards in isolating and limiting the impact of such vulnerabilities.
Ultimate Outcome
The exploit was a targeted arbitrage opportunity within a limited mechanism, effectively mitigated by the protocol’s safeguards, demonstrating the resilience of its vault architecture. The outcome of the USDS Vault exploit was relatively contained and had no impact on user funds or the broader Usual protocol.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
The affected USDS Sync Vault remains paused, though Usual has said it will be re-enabled soon. Before reactivation, the team may update contract logic, improve caps/guards, or add new protections to prevent similar arbitrage attacks.
Usual is likely conducting internal audits and architecture reviews across other vaults to ensure no similar edge cases exist elsewhere. Adjustments to deposit routing logic and unwrap mechanics could be in progress.
Usual is maintaining public updates via Twitter/X and its documentation.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- SlowMist - "The @usualmoney protocol experienced a sophisticated arbitrage attack. Analysis reveals that the attacker exploited a price discrepancy between the protocol's internal mechanisms and external markets. The core issue stemmed from the usual Vault system, which allowed USD0++ and USD0 tokens to be exchanged at a fixed 1:1 ratio, while these same tokens traded at different prices on external decentralized exchanges." - Twitter/X (Accessed May 29, 2025)
- Usual Money - "On the 27th of May one of Usuals USD0++ Investment vaults has suffered from an $43k arbitration exploit that abused a capped way of unwrapping USD0++ into USD0 while depositing into the investment fund." - Twitter/X (Accessed May 29, 2025)
- Usual Money - "The vault concerned is the USDS Sync Vault, not the Lagoon Vaults as some have incorrectly stated. Funds are SAFU. A full post-mortem will be published shortly." - Twitter/X (Accessed May 29, 2025)
- Usual Money - "The full recap is now live. We break down what happened and how Usual's built-in safeguards kicked in exactly as designed. Transparency first, always." - Twitter/X (Accessed May 29, 2025)
- Sky Vault Arbitrage Recap: Contained and Controlled - Usual Money Blog (Accessed May 29, 2025)
- Usual (Accessed Sep 27, 2024)
- Usual Vaults - Usual Money Docs (Accessed May 29, 2025)