Security researchers flag ongoing Stake DAO exploit after attacker mints trillions of vsdCRV

Security researchers have identified an ongoing exploit affecting Stake DAO, a DeFi platform. An attacker managed to mint over 5.4 trillion vsdCRV tokens on Arbitrum and is actively exchanging them for ETH. Part of these funds have already been swapped for 43.78 ETH (approximately $91,000) and bridged to the Ethereum network. VsdCRV is a yield-related derivative token linked to the Curve Finance ecosystem and used within Stake DAO. Stake DAO has acknowledged the situation and advised users to avoid interacting with vsdCRV. The suspected cause of the exploit is a compromised private key for the Stake DAO deployer, which allowed the attacker to set an arbitrary peer for vsdCRV and trigger the unconditional minting of the tokens. This incident occurs during a period of heightened DeFi exploits, with over $600 million lost since April, partly attributed to advancements in AI.

(Source：The Block)