Security researchers flag ongoing Stake DAO exploit after attacker mints trillions of vsdCRV
The attacker minted 5.4 trillion vsdCRV on Arbitrum and is actively swapping tokens for ether, the researchers said.
Security researchers have identified an active exploit targeting Stake DAO, a decentralized finance protocol, with attackers successfully minting 5.4 trillion vsdCRV tokens on the Arbitrum network. According to the researchers, the perpetrators are currently in the process of swapping these illegitimately created tokens for ether, indicating an ongoing attack rather than a completed breach.
Stake DAO operates as a DeFi platform that allows users to stake various cryptocurrencies and earn rewards. The vsdCRV token represents a vote-escrowed version of Curve DAO tokens within the Stake DAO ecosystem. The massive scale of the token minting—5.4 trillion units—suggests a significant vulnerability was exploited in the protocol's smart contract infrastructure.
The exploit represents another major security incident in the DeFi space, where smart contract vulnerabilities continue to pose substantial risks to users and platforms. The ability to mint such an enormous quantity of tokens and actively convert them to ether demonstrates the potential for immediate financial damage when protocols are compromised. The incident highlights ongoing concerns about smart contract security across layer-2 networks like Arbitrum.
Market participants will be closely monitoring Stake DAO's response to contain the exploit and assess the full extent of the damage. The platform's ability to halt the ongoing token swaps and implement emergency measures will be crucial in determining the final impact on users and the protocol's long-term viability.
Source: The Block
