Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

StakeDAO Hit by Major Exploit on Arbitrum, Attacker Mints 5.4 Trillion vsdCRV Tokens

A compromised deployer key enabled an attacker to mint 5.4 trillion fake vsdCRV tokens on Arbitrum and swap part of the funds for ETH before bridging them to Ethereum.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
May 27, 2026
in Security & Hacks
0 0
StakeDAO Hit by Major Exploit

Created By Cryip

Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

StakeDAO, a prominent yield optimization protocol, has become the latest victim of a significant security breach on the Arbitrum network. An attacker exploited a compromised deployer private key to mint approximately 5.446 trillion vsdCRV tokens, later swapping a portion for around 43.78 ETH (roughly $91,000) and bridging the funds to Ethereum.

The incident was first flagged by blockchain security platform Blockaid, which detected the unauthorized activity in real time. According to on-chain records, the attacker gained access to the StakeDAO deployer address 0x000755Fbe4A24d7478bfcFC1E561AfCE82d1ff62. They then reconfigured the LayerZero v2 OFT peer setting on the vsdCRV contract, redirecting it to a malicious contract under their control. This allowed the forging of a cross-chain message that triggered the massive unauthorized mint from the zero address.

🚨 Blockaid detected an ongoing exploit targeting@StakeDAOHQ on Arbitrum.

The attacker just minted over 5.4 trillion vsdCRV and is actively swapping it for ETH.

More details in 🧵

— Blockaid (@blockaid_) May 27, 2026

The attacker quickly moved to liquidate the newly minted tokens through decentralized exchanges before bridging the extracted ETH to the Ethereum mainnet. The primary attacker wallet on Ethereum is reported as 0xeF3C054d8F7eD0a7D61c8da56ff55F090577aa25.

Root Cause Appears to Be Key Compromise

Investigations indicate the breach stemmed from a private key compromise rather than a vulnerability in the core smart contract code. The deployer address had reportedly been operating as a hot key in automated infrastructure, which may have increased its exposure.

StakeDAO has advised users to avoid interacting with vsdCRV tokens for the time being. The protocol’s overall Total Value Locked (TVL) stands at approximately $151 million, with only a relatively small portion directly exposed on Arbitrum.

Related Story

Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

July 11, 2026
CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026

Implications for DeFi Security

This exploit adds to a growing list of incidents in 2026 that highlight persistent challenges around private key management and operational security in decentralized finance. Even projects with strong reputations and multiple audits continue to face risks when critical keys are not properly secured through multisignature setups or cold storage.

Users who have interacted with StakeDAO contracts on Arbitrum are strongly recommended to revoke token approvals as a precautionary step.

This report is compiled independently from publicly available on-chain data and initial disclosures. Further updates are expected once StakeDAO publishes a detailed post-mortem on the incident.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto Hacks

Related Posts

Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum
Security & Hacks

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

by Saravana Kumar Mahendran
July 11, 2026

A Bonzo Lend oracle verification exploit allowed an attacker to borrow approximately $9.05 million using a manipulated SAUCE price before...

Read moreDetails
CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Ethereum User Loses Nearly $1 Million USDT in Phishing Token Approval Exploit

Phishing Approval Drains 999K USDT From Ethereum Wallet

July 9, 2026
Ctrl Wallet to Permanently Shut Down

Ctrl Wallet to Permanently Shut Down on August 3 After Cardano Security Exploit

July 7, 2026
Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

Trader Loses $2M After ETH Swap to LIT Routes Through AVAIL Pool

July 7, 2026
Web3 Security Losses Hit $1.31 Billion

Web3 Security Losses Hit $1.31 Billion in H1 2026 as Drift Protocol Hack Tops $285M

July 7, 2026
Next Post
Polymarket Faces Growing Pressure to Expand KYC as Global Compliance Risks Escalate

Polymarket Faces Growing Pressure to Expand KYC as Global Compliance Risks Escalate

Google Engineer Accused

Google Engineer Accused of Using Internal Search Data to Win $1.2 Million on Polymarket

Recommended

  • All
  • News
Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin's Biggest Long-Term Risks

Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

July 11, 2026
Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

July 11, 2026
Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Circle Receives Final OCC Approval to Launch National Trust Bank

Circle Wins Federal Approval to Launch Regulated Digital Asset Trust Bank

July 10, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • BingX launches the BingX Visa Debit Card, bridging digital assets and everyday payments
  • Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera
  • Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.