Following a compromise of the deployer key associated with the StakeDAO protocol on the Arbitrum network, an attacker minted over 5.4 trillion vsdCRV tokens. However, due to low market liquidity, the hacker was only able to profit approximately $91,000 from this massive amount of assets. This was reported by Cointelegraph.com reports. According to
According to security firm PeckShield, the attacker swapped a portion of the minted vsdCRV tokens for 43.7 Ether (ETH) and bridged the funds to the Ethereum network. Analysts at EmberCN note that the hacker successfully swapped approximately 16.83 million vsdCRV, as there was insufficient liquidity in the market for the remaining tokens.
While the paper value of 5.4 trillion vsdCRV is approximately $763 billion, this figure does not represent real profit or the actual loss to the protocol. This incident highlights the significant gap between nominal token value and real realizable value in the DeFi sector. The StakeDAO team has warned users to halt all operations involving vsdCRV.
According to Shalev Keren, founder of Sodot, this incident was not a smart contract bug, but the result of an unprotected governance key. Because a single private key controlled critical functions without a multi-signature system, the attacker was able to execute fraudulent transactions via the LayerZero protocol.
Read “Zamin” on Telegram!
