Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Market Capitalization:2 489 011 625 501,8 USD
Vol. in 24 hours:90 307 445 413,2 USD
Dominance:BTC 59,72%
ETH:9,77%
Yes
>>The StakeDAO contract on Arbitrum suffered a 5.4 trillion vsdCRV exploit.

The StakeDAO contract on Arbitrum suffered a 5.4 trillion vsdCRV exploit.

crypthub
The StakeDAO contract on Arbitrum suffered a 5.4 trillion vsdCRV exploit.

Incident Overview

StakeDAO’s vsdCRV contract on Arbitrum suffered a security breach that allowed an “infinite mint” of synthetic staking tokens. Researchers detected around 5.4 trillion vsdCRV units being created, far exceeding normal supply. The exploit also resulted in roughly $91 000 of assets being siphoned from the protocol. Unusual on‑chain activity triggered the investigation while the attack was still in progress.

Exploit Mechanics

The vsdCRV token represents shares of Curve‑linked liquidity positions, and its minting logic ties token issuance to deposited assets. A flaw in the contract’s accounting let an attacker manipulate the mint‑ratio, causing unrestricted token creation. The vulnerability stemmed from poorly enforced invariants rather than a compromised private key. By exploiting this, the attacker inflated their balance without legitimate staking power.

Impact and Ongoing Monitoring

The artificially created tokens were quickly exchanged for transferable value, accounting for the $91 k outflow. Because the protocol intertwines staking derivatives with automated reward distribution, tracing the full damage is complex. Analysts continue to monitor vault interactions on Arbitrum to contain further loss. The incident remains under investigation to determine the complete exposure.

Root Cause Insights

Preliminary findings point to a miscalculation in the minting rights, where share‑based ratios could be altered by edge‑case transactions. Without strict state validation, the contract accepted an invalid transition that generated excess tokens. This type of accounting failure is common in DeFi systems relying on share models without robust invariant checks. Fixes will likely focus on tighter minting controls and invariant enforcement.