Blockchain security firm Blockaid reported detecting a significant exploit targeting the StakeDAO protocol on the Arbitrum network. According to the firm, an attacker allegedly compromised the protocol’s deployer private key, enabling the fraudulent minting of over 5.4 trillion vsdCRV tokens. This was accomplished by manipulating cross-chain messaging through the reconfiguration of a trusted LayerZero peer on the contract.
Blockchain security firm Blockaid said it detected an exploit targeting StakeDAO on Arbitrum. An attacker allegedly compromised the protocol’s deployer private key and minted more than 5.4 trillion vsdCRV tokens through manipulated cross-chain messaging.
According to Blockaid, the attacker reconfigured the trusted LayerZero peer tied to StakeDAO’s vsdCRV OFT contract. They then sent a forged cross-chain message to mint the massive quantity of tokens on the Arbitrum network.
The security firm’s investigation pointed to a compromise of a critical access key. This event highlights ongoing security challenges within decentralized finance infrastructure and cross-chain communication systems.
