Stake DAO was attacked on Arbitrum, with 5.44 trillion tokens being illegally minted.
CoinPedia
05-27 19:54
Stake DAO was attacked on Arbitrum, with approximately 5.44 trillion vsdCRV tokens being abnormally minted. Some of these funds have been converted into ETH and transferred to Ethereum.

A security incident occurred on Arbitrum involving Stake DAO. Attackers allegedly obtained the protocol deployer's private key, modified the LayerZero v2 peer configuration of vsdCRV, and then forged cross-chain messages, triggering a large-scale aberrant minting.

Attack paths point to private keys and cross-chain configurations

According to the disclosure, the problem lies in the cross-chain communication settings of vsdCRV. After changing the peer address of LayerZero v2 to a controllable target, the attacker constructed a malicious cross-chain message, causing the contract to directly mint approximately 5.44 trillion vsdCRV into the wallet without any additional restrictions.

The attack was not carried out through open-market purchases. Instead, it directly exploited protocol permissions and the cross-chain message verification process to create a large supply of tokens that should never have existed.
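A monitoring sketch for the sequence described above (a peer change followed by abnormal minting), added here as an example and not taken from the article, Stake DAO or LayerZero. It assumes the LayerZero v2 OApp `PeerSet(uint32 eid, bytes32 peer)` events and ERC-20 `Transfer` events have already been decoded into dictionaries; the allowlist, endpoint ids, addresses, token decimals and mint limit are all constructed.

```python
# Added example: watch decoded OApp/ERC-20 events for a peer change followed by minting.
ZERO = "0x" + "00" * 20
# Constructed allowlist: remote endpoint id -> expected peer as bytes32 hex.
EXPECTED_PEERS = {30101: "0x" + "00" * 12 + "aa" * 20}
MAX_MINT = 1_000_000 * 10**18  # assumed per-transfer policy limit, not a protocol value


def normalize(peer):
    """Lower-case a hex string and left-pad it to 32 bytes."""
    return "0x" + peer.lower().removeprefix("0x").rjust(64, "0")


def review(events):
    """Return (block, alert, detail) tuples for events processed in block order.

    "PeerSet" events carry eid/peer; "Transfer" events carry from/to/value,
    and a Transfer from the zero address is a mint.
    """
    untrusted = set()  # endpoint ids whose current peer is off the allowlist
    alerts = []
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["name"] == "PeerSet":
            expected = EXPECTED_PEERS.get(ev["eid"])
            if expected and normalize(ev["peer"]) == normalize(expected):
                untrusted.discard(ev["eid"])
            else:
                untrusted.add(ev["eid"])
                alerts.append((ev["block"], "PEER_OFF_ALLOWLIST", ev["eid"]))
        elif ev["name"] == "Transfer" and ev["from"] == ZERO:
            if ev["value"] > MAX_MINT:
                alerts.append((ev["block"], "MINT_OVER_LIMIT", ev["value"]))
            if untrusted:
                alerts.append((ev["block"], "MINT_WHILE_PEER_UNTRUSTED", sorted(untrusted)))
    return alerts


# Constructed sample: normal peer and mint, then a peer change and an oversized mint.
SAMPLE = [
    {"block": 100, "name": "PeerSet", "eid": 30101, "peer": "0x" + "AA" * 20},
    {"block": 105, "name": "Transfer", "from": ZERO, "to": "0x" + "11" * 20, "value": 500 * 10**18},
    {"block": 200, "name": "PeerSet", "eid": 30101, "peer": "0x" + "bb" * 20},
    {"block": 201, "name": "Transfer", "from": ZERO, "to": "0x" + "22" * 20, "value": 5_440_000_000_000 * 10**18},
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```

The peer-change alert fires before any mint does, which is the point at which a pause or key rotation is still useful.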

Some tokens have been exchanged and transferred to Ethereum.

Blockchain security firm Blockaid stated that the attackers have sold some of their tokens, obtaining approximately 43.78 ETH, and bridged the funds back to the Ethereum mainnet. This indicates that the assets have begun to be transferred across blockchains, potentially increasing the difficulty of tracking and freezing them.

  • The attack occurred on the Arbitrum network.
  • The token involved is vsdCRV of Stake DAO.
  • Some funds have already been converted into approximately 43.78 ETH.

During the team's investigation, users were reminded to revoke authorization.

The Stake DAO team is still investigating the incident, with a focus likely on how the private key was leaked, when the configuration change occurred, and whether any other contracts or assets were affected.

During the investigation, users have been advised to revoke the relevant authorizations as soon as possible to mitigate subsequent risks. For DeFi protocols, once deployment permissions or cross-chain configurations fall under an attacker's control, the impact often spreads rapidly from a single contract to fund transfers and liquidity.
