Stake DAO Freezes Arbitrum vsdCRV After 5.4T Token Mint
Stake DAO froze Arbitrum vsdCRV markets after an exploit on May 27 allowed an attacker to mint 5.4 trillion tokens and withdraw about $91,000 before containment.
On May 27, Stake DAO’s protocol on the Arbitrum layer-2 network was targeted by an exploit that let an attacker mint about 5.4 trillion vsdCRV tokens and withdraw roughly $91,000 in transferable assets before contributors contained the breach.
Security firm Blockaid’s preliminary analysis identified an infinite-minting vulnerability in the vsdCRV vault logic and the protocol’s automated reward distribution. An invalid state transition accepted by a vulnerable contract broke internal accounting, allowing the attacker to inflate the vsdCRV supply and extract assets from affected liquidity pools on Arbitrum.
Stake DAO’s core contributors moved to limit the incident. The team secured the Ethereum mainnet assets that back vsdCRV, deactivated the vsdCRV bridge, and confined the economic impact to the Arbitrum ecosystem. With mainnet backing locked, the attacker cannot seize those mainnet funds.
The protocol announced it will permanently sunset the Arbitrum asdCRV Llamalend market and advised users not to interact with vsdCRV contracts. crvUSD depositors were instructed to transfer capital to other Llamalend markets that remain operational.
Stake DAO posted that Boosted yields, Liquid Lockers, Votemarket and Stake DAO lending on Morpho are unaffected based on the current assessment. The team reported the attacker took about $91,000 in transferable digital assets before the exploit was halted.
Law enforcement has been notified. Stake DAO is working with external security partners to trace fund flows, perform a forensic audit of the compromised contracts, map the attack path, attempt asset recovery where possible, and publish audit findings when available.
The incident follows wider debate about DeFi security after comments by a former OpenZeppelin co-founder. OpenZeppelin distanced itself from those comments and noted in a statement that artificial intelligence can be both a risk vector and a defensive tool, adding, “Our researchers use AI daily to catch more issues and edge cases,” and “The answer to AI risk is not retreat from DeFi. It is better security.”
Stake DAO said it will share updates as the investigation proceeds and urged users to follow official channels for instructions on moving funds and interacting with the protocol.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
