Arbitrum Platform Hit by Major Exploit via Compromised Deployer Key

A major security incident has been reported on the StakeDAO platform on Arbitrum, a decentralized finance (DeFi) protocol focused on automated yield strategies. The exploit occurred due to a compromised deployer private key, which allowed an attacker to mint an astronomical number of vsdCRV tokens.

The attacker successfully created a malicious contract and executed a setPeer transaction for the LayerZero v2 OFT contract on the vsdCRV token contract, redirecting trust to their malicious contract. This enabled them to mint 5,446,744,073,709 vsdCRV tokens to their wallet on the Arbitrum blockchain.

Security firms are monitoring the situation and tracking the liquidation of the stolen tokens from the StakeDAO protocol. To mitigate further damage, StakeDAO is urging users to avoid interacting with the compromised token. The incident highlights the importance of robust security measures in DeFi protocols, particularly in the management of private keys and cross-chain protocol configurations.