Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

Futures Mixed Ahead Of CPI And Warsh Testimony, As IBM Sinks, Bank Earnings Fizzle

July 14, 2026

Bitcoin's BIP-110 sparked a fight over who gets to decide the future of Bitcoin

July 14, 2026

Stacking DAO Introduces Liquid Bitcoin Staking

July 14, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»StakeDAO exploit creates 5.4 trillion vsdCRV but nets only $91K
Security

StakeDAO exploit creates 5.4 trillion vsdCRV but nets only $91K

May 28, 2026No Comments2 Mins Read

An attacker minted more than 5.4 trillion vsdCRV on Arbitrum after a suspected compromise of a StakeDAO-linked deployer key, though thin liquidity limited the realized proceeds to about $91,000.

Blockchain security firm PeckShield said Wednesday the attacker swapped part of the minted vsdCRV for 43.7 Ether (ETH), worth about $91,000, and bridged the funds to Ethereum. Onchain analyst EmberCN said the attacker swapped about 16.83 million vsdCRV, while the remaining tokens had little meaningful liquidity to exit.

EmberCN estimated the 5.4 trillion vsdCRV at about $763 billion on paper, though the figure does not represent the attacker’s realized profit or the protocol’s confirmed loss.

The incident highlights the gap between nominal token values and extractable value in decentralized finance exploits, where attackers can mint enormous token amounts but only cash out what available liquidity allows. In this case, the attacker’s proceeds were limited by the small size of vsdCRV liquidity pools.

StakeDAO said it was aware of the incident and warned its users not to interact with vsdCRV.

Stake DAO said it was aware of the incident. Source: Stake DAO

Incident points to a deployer-key compromise

Shalev Keren, chief product officer and co-founder of crypto key-management firm Sodot, told Cointelegraph that the StakeDAO incident was “structurally similar” to other deployer-key compromises seen this year, including the Wasabi incident last month, which drained about $5.5 million in crypto.

Keren said a single StakeDAO deployer key on Arbitrum was used to repoint the vsdCRV cross-chain bridge configuration to an attacker-controlled contract on Ethereum. About 25 seconds later, that contract sent a LayerZero message back to Arbitrum, causing the legitimate Arbitrum token to mint more than 5 trillion vsdCRV to the attacker.

See also  This AI Agent Survived 6,000 Hack Attempts—Here’s How

“There is no smart contract bug here and no flaw in LayerZero,” Keren said. “There is one private key, controlling one privileged configuration function, with no multi-signature and no delay between the configuration change going through and the mint clearing onchain.”

Keren said the broader issue for DeFi protocols in 2026 is no longer only whether contracts are audited, but whether the operational keys behind those contracts remain single points of failure.

Source link

91K creates Exploit nets StakeDAO Trillion vsdCRV

Related Posts

Cape Town Seizes Luxury Mercedes Tied to Crypto Investment Scams

July 14, 2026

Hacker Uses Stolen Robinhood Founder Wallet to Orchestrate Memecoin Pump-and-Dump

July 14, 2026

Hackers use SpaceXAI, Starlink X accounts to pump SCATMAN: Token crashes 98%

July 14, 2026

3 crypto attacks in 24 hours – From fake apps to a $14.2M SOL theft

July 13, 2026
Top Posts

Ripple turns to AI to stress-test the XRP Ledger as institutional use cases scale

March 28, 2026

Elliptic Raises $120 Million in Series D Led by One Peak and Nasdaq

May 12, 2026

Official Shiba Inu Scam Alert Issues New Warning

October 14, 2023

Type above and press Enter to search. Press Esc to cancel.