Stake DAO exploit on Arbitrum mints 5.4T vsdCRV

An apparent deployer-key compromise let an attacker mint 5,446,744,073,709 vsdCRV on Arbitrum, forge LayerZero cross-chain messages and swap tokens for about 43.78 ETH; Stake DAO warned users.

An attacker minted 5,446,744,073,709 vsdCRV on the Arbitrum network, then converted a portion of the tokens for about 43.78 ETH, Stake DAO and security researchers reported. Stake DAO warned users not to interact with vsdCRV while the incident was active.

Security firm Blockaid said the attacker appears to have compromised a deployer key and altered LayerZero peer configuration to fabricate a cross‑chain message before carrying out the large mint. On-chain liquidity constraints limited how much value the attacker could convert into ETH, Blockaid added.

Curve issued warnings about an affected Arbitrum market on LlamaLend, and Beefy Finance paused a vault that had exposure to Curve and Convex strategies. Stake DAO’s public guidance remained that users should avoid interacting with vsdCRV until the situation is resolved.

The affected product is Stake DAO’s Liquid Lockers. The vaults let users deposit governance tokens such as CRV and receive tradable sdTokens that provide boosted yield and governance exposure while removing the need for users to manage Curve locking, vote‑power allocation, wrappers, gauges or incentives.

The vault interface hides several technical components that protocols and security firms identify as dependencies: deployer keys, cross‑chain messaging trust, wrapper and token accounting, and oracle feeds. Blockaid traced the exploit through the LayerZero peer configuration and the deployer key used to run the locker contracts.
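As an added example (not code from Stake DAO, Blockaid or LayerZero), the Python monitor below replays OApp peer-configuration changes and inbound cross-chain mints and flags the chain Blockaid describes: a peer update sent by a key other than the expected admin, or a peer that drifts from the deployment manifest, followed by a mint whose message claims to come from that endpoint. The setPeer/PeerSet naming follows LayerZero V2's OApp interface and is an assumption here; all addresses, endpoint ids and transaction hashes are constructed.

```python
from dataclasses import dataclass

# Expected configuration; in practice this comes from the protocol's deployment manifest.
EXPECTED_PEERS = {
    30110: "0x" + "aa" * 20,  # constructed: trusted peer on endpoint id 30110
    30101: "0x" + "bb" * 20,  # constructed: trusted peer on endpoint id 30101
}
AUTHORIZED_ADMIN = "0x" + "cc" * 20  # constructed: multisig expected to call setPeer

@dataclass
class PeerSetEvent:
    tx_hash: str
    sender: str  # account that sent the transaction emitting PeerSet
    eid: int     # LayerZero endpoint id of the remote chain
    peer: str    # bytes32 peer, shortened here to a 20-byte address

@dataclass
class InboundMint:
    tx_hash: str
    src_eid: int  # endpoint id the cross-chain message claims to come from
    amount: int

def audit(peer_events, mints, expected=EXPECTED_PEERS, admin=AUTHORIZED_ADMIN):
    """Return (tx_hash, reason) alerts. Inputs are assumed to be in chain order,
    so a peer rewrite precedes any mint it enabled."""
    alerts, tainted = [], set()
    for ev in peer_events:
        bad = ev.sender.lower() != admin.lower()
        if bad:
            alerts.append((ev.tx_hash, f"setPeer from unauthorized sender {ev.sender}"))
        known = expected.get(ev.eid)
        if known is None or known.lower() != ev.peer.lower():
            bad = True
            alerts.append((ev.tx_hash, f"peer for eid {ev.eid} now {ev.peer}, expected {known}"))
        if bad:
            tainted.add(ev.eid)  # any later inbound message from this eid is untrusted
    for m in mints:
        if m.src_eid in tainted:
            alerts.append((m.tx_hash, f"mint of {m.amount} from eid {m.src_eid} after suspicious peer change"))
    return alerts

# Constructed sample: a routine update by the multisig, then a rewrite from another key
# followed by an inbound mint for the amount reported in this incident.
SAMPLE_PEERS = [
    PeerSetEvent("0x01", AUTHORIZED_ADMIN, 30110, EXPECTED_PEERS[30110]),
    PeerSetEvent("0x02", "0x" + "dd" * 20, 30110, "0x" + "ee" * 20),
]
SAMPLE_MINTS = [InboundMint("0x03", 30110, 5_446_744_073_709)]
```

Running `audit(SAMPLE_PEERS, SAMPLE_MINTS)` yields three alerts, two for the rogue peer update and one for the mint that followed it, while the legitimate update alone yields none.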

Ido Ben‑Natan, co‑founder and CEO of Blockaid, wrote that protocols need both strong governance controls and real‑time on‑chain security tooling that validates transactions before execution. He said those elements matter to prevent single points of failure around deployer keys and message routing.

April 2026 recorded roughly $635 million in losses across 28 DeFi incidents, with attackers using social engineering, bridge spoofing and AI‑assisted reconnaissance in several cases. Manuel Aráoz, a co‑founder of OpenZeppelin, posted that he now views all of DeFi as unsafe because AI coding agents have grown more effective at finding vulnerabilities; OpenZeppelin later said his posts did not reflect the company’s position.

Security vendors reported using AI agents for investigations, simulations and malicious‑pattern matching to adapt to new threats. Protocols and auditors are increasingly recommending measures such as multisignature controls, formal verification, runtime monitoring and transaction validation as part of vault security.

The incident prompted industry discussion about clearer disclosure of protocol dependencies, stronger governance controls and integrated security tooling in automated yield products. Stake DAO and other affected projects continue to monitor on‑chain activity and coordinate responses as they investigate the breach.