StakeDAO Exploit Nets Attacker $91K as 5.4 Trillion Tokens Flood Arbitrum

A recent exploit targeting StakeDAO has left the crypto community reeling as an attacker successfully minted over 5.4 trillion vsdCRV tokens on the Arbitrum blockchain. However, due to thin liquidity, the realized proceeds from the attack were limited to approximately $91,000.

The compromised deployer key was used to repoint the vsdCRV cross-chain bridge configuration to an attacker-controlled contract on Ethereum. This allowed the attacker to send a LayerZero message back to Arbitrum, triggering the minting of over 5 trillion vsdCRV tokens in just 25 seconds.

The incident has sparked concerns about the vulnerability of decentralized finance (DeFi) protocols and the importance of robust key management practices. Blockchain security firm PeckShield noted that while the attacker was able to swap a portion of the minted vsdCRV for Ether, the majority of the tokens had little meaningful liquidity to exit.