Friday, July 3, 2026
No Result
View All Result
Coins League
  • Home
  • Bitcoin
  • Crypto Updates
    • Crypto Updates
    • Altcoin
    • Ethereum
    • Crypto Exchanges
  • Blockchain
  • NFT
  • DeFi
  • Metaverse
  • Web3
  • Scam Alert
  • Regulations
  • Analysis
Marketcap
  • Home
  • Bitcoin
  • Crypto Updates
    • Crypto Updates
    • Altcoin
    • Ethereum
    • Crypto Exchanges
  • Blockchain
  • NFT
  • DeFi
  • Metaverse
  • Web3
  • Scam Alert
  • Regulations
  • Analysis
No Result
View All Result
Coins League
No Result
View All Result

Stake DAO Exploit Lets Attacker Mint 5.4T vsdCRV on Arbitrum

May 28, 2026
in NFT
Reading Time: 4 mins read
0 0
A A
0
Home NFT
Share on FacebookShare on TwitterShare on E Mail


Stake DAO was exploited on Arbitrum on Could 27, 2026, when an attacker minted over 5.4 trillion vsdCRV by exploiting the token’s cross-chain configuration. Stake DAO has warned customers to not work together with vsdCRV, whereas Curve Finance additionally really useful that customers with deposits or loans within the asdCRV LlamaLend market on Arbitrum withdraw them to mitigate oracle dangers. On-chain knowledge reveals that the attacker was solely in a position to understand a small fraction of the worth into ETH attributable to restricted liquidity.

Exploit Particulars

On-chain knowledge on Arbitrum reveals that the mint transaction occurred at block 467160931 at 09:17:58 UTC on Could 27, 2026. The transaction recorded roughly 5.45 trillion vsdCRV being minted from the null tackle to the pockets 0xeF3C…aa25.

On-chain proof of the Stake DAO exploit. Supply: Arbiscan

This transaction interacted with the LayerZero v2 Executor, indicating that the minting course of was associated to the cross-chain messaging circulation used to create tokens on Arbitrum. The mint transaction’s hash is 0x7489…e5fe5, in response to Arbiscan knowledge.

Blockaid acknowledged that they detected an ongoing exploit focusing on Stake DAO on Arbitrum, through which the attacker minted over 5.4 trillion vsdCRV and commenced swapping these tokens into ETH.

In keeping with safety monitoring sources, together with PeckShield, the attacker swapped a portion of the tokens for about 43.78 ETH, price round $91,200 on the time of reporting, after which bridged the property to Ethereum. This determine displays the worth initially realized by the attacker, not the nominal worth of the complete minted vsdCRV provide.

Suspected Root Trigger

Blockaid suspects the exploit doubtless stemmed from the Stake DAO deployer’s non-public key being compromised. The deployer tackle talked about is 0x0007…ff62.

From this entry, the attacker is believed to have altered the cross-chain configuration that vsdCRV makes use of to validate messages through LayerZero. Particularly, Blockaid stated the attacker modified the trusted “peer” from a sound adapter on the Ethereum aspect to a malicious contract deployed by the attacker, after which used that contract to ship faux messages to mint tokens on Arbitrum.

Suspected root trigger is compromised non-public key.

Malicious peer deployment: https://t.co/RlJlVYC5xeCross-chain mint: https://t.co/NBQdjaTXu0setPeer #3 (earlier than mint): https://t.co/sq7jrH8tN6…Mint tx: https://t.co/kH52CmHXGm…

— Blockaid (@blockaid_) Could 27, 2026

The main points printed by Blockaid point out that the incident concerned deployer permissions and Stake DAO’s LayerZero OFT configuration, somewhat than a confirmed vulnerability inside the LayerZero core protocol. As of the time of writing, Stake DAO has not printed a full autopsy concerning how the non-public key was compromised or the scope of the affected contracts.

This context locations the incident alongside cross-chain messaging dangers that gained consideration following the roughly $292 million Kelp DAO/rsETH incident in April 2026, which additionally concerned message flows via LayerZero. The distinction is that within the Stake DAO case, the present knowledge focuses on the venture’s compromised key and OFT configuration.

Market and Consumer Influence

Instantly following the incident, Stake DAO requested customers to not work together with vsdCRV whereas the problem was being dealt with. With over 5.4 trillion new tokens minted, the chance lies not solely within the dilution of the vsdCRV provide but additionally within the affect on liquidity swimming pools, oracles, and protocols linked to this token on Arbitrum.

Curve Finance additionally issued a separate warning for customers with deposits or loans within the asdCRV LlamaLend market on Arbitrum. In keeping with Curve, the market was nonetheless working usually on the time of the warning, however the value oracle may change into unstable as a result of exploit involving vsdCRV, growing the chance of liquidation for borrowing/debt positions.

If in case you have deposits or loans in asdCRV LlamaLend market on Arbitrum – please exist ASAP out of precation.

The market is ok proper now however its value oracle can change into unstable as a result of vsdCRV exploit which may trigger liquidations. https://t.co/HhvMfzXEe9

— Curve Finance (@CurveFinance) Could 27, 2026

Regardless of the large quantity of tokens minted, the worth initially realized by the attacker was solely round $91,200, which is way decrease than the nominal determine as a result of vsdCRV liquidity was inadequate to soak up the complete pool of recent tokens. The ultimate injury nonetheless depends upon the quantity of tokens swapped, the extent of affect on associated swimming pools, and the remediation measures from Stake DAO.

What Stays Unclear

Stake DAO had not printed a full autopsy on the time the preliminary warnings had been issued. The remaining open questions embody how the non-public key was compromised, the scope of the affected contracts, the restoration standing of the cross-chain configuration, and the extent of remaining threat to associated swimming pools or markets on Arbitrum.

Within the quick time period, customers concerned with vsdCRV, sdCRV, or markets utilizing associated oracles on Arbitrum nonetheless want to watch official bulletins from Stake DAO, Curve, and on-chain safety entities. The incident additionally highlights key administration dangers in DeFi, particularly for protocols that also permit deployer or admin keys to change belief configurations between chains.



Source link

Tags: 5.4TArbitrumAttackerDAOexploitLetsMintstakevsdCRV
Previous Post

Solana (SOL) Plunges Lower, Market Sentiment Turns Sharply Bearish

Next Post

Cathie Wood Doubles Down On $1.25 Million Bitcoin Target

Related Posts

New York exhibition fundraising for Venezuelan earthquake relief efforts – The Art Newspaper
NFT

New York exhibition fundraising for Venezuelan earthquake relief efforts – The Art Newspaper

July 3, 2026
Visa, Mastercard, Coinbase Join 140+ Firms to Launch Open USD Stablecoin Network
NFT

Visa, Mastercard, Coinbase Join 140+ Firms to Launch Open USD Stablecoin Network

July 3, 2026
MetaMask Launches Stablecoin Yield Account With Card Spending
NFT

MetaMask Launches Stablecoin Yield Account With Card Spending

July 2, 2026
Undisturbed ancient Maya city discovered in Mexican jungle – The Art Newspaper
NFT

Undisturbed ancient Maya city discovered in Mexican jungle – The Art Newspaper

July 2, 2026
Binance Lists Re (RE) With Seed Tag for Spot Trading
NFT

Binance Lists Re (RE) With Seed Tag for Spot Trading

July 1, 2026
Comment | Why should artists stay in cities like London and New York when financial pressures are making it harder than ever? – The Art Newspaper
NFT

Comment | Why should artists stay in cities like London and New York when financial pressures are making it harder than ever? – The Art Newspaper

July 1, 2026
Next Post
Cathie Wood Doubles Down On $1.25 Million Bitcoin Target

Cathie Wood Doubles Down On $1.25 Million Bitcoin Target

How to Read Trading Volume

How to Read Trading Volume

Grayscale’s Latest Report Says What Comes Next

Grayscale’s Latest Report Says What Comes Next

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Twitter Instagram LinkedIn RSS Telegram
Coins League

Find the latest Bitcoin, Ethereum, blockchain, crypto, Business, Fintech News, interviews, and price analysis at Coins League

CATEGORIES

  • Altcoin
  • Analysis
  • Bitcoin
  • Blockchain
  • Crypto Exchanges
  • Crypto Updates
  • DeFi
  • Ethereum
  • Metaverse
  • NFT
  • Regulations
  • Scam Alert
  • Uncategorized
  • Web3

SITEMAP

  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2023 Coins League.
Coins League is not responsible for the content of external sites.

No Result
View All Result
  • Home
  • Bitcoin
  • Crypto Updates
    • Crypto Updates
    • Altcoin
    • Ethereum
    • Crypto Exchanges
  • Blockchain
  • NFT
  • DeFi
  • Metaverse
  • Web3
  • Scam Alert
  • Regulations
  • Analysis

Copyright © 2023 Coins League.
Coins League is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In