A hacker gained control of StakeDAO's deployer private key on Wednesday, minting 5.4 trillion vsdCRV tokens on Arbitrum in a matter of minutes. The attacker swapped a portion of those tokens for about $91,000 worth of ETH, and the incident quickly rippled through Curve Finance's lending market and forced Beefy Finance to pause an affected vault.
How the attack unfolded
The exploit started when the hacker accessed the deployer wallet, a privileged account tied to the token's smart contract. With that access, they created the massive supply of vsdCRV—a token used within Curve's ecosystem. The minting happened on Arbitrum, a layer-2 network where StakeDAO operates. After minting, the attacker converted some of the tokens into ETH, netting roughly $91,000 before the exploit was noticed.
Impact on Curve Finance and Beefy Finance
The flood of newly minted vsdCRV tokens affected Curve Finance's lending market, which relies on accurate token balances and pricing. The exact mechanism of the disruption isn't publicly detailed, but the exploit created an imbalance that Curve's protocols had to handle. Beefy Finance, a yield optimizer that uses StakeDAO tokens in some of its vaults, paused one vault as a precaution. The pause prevented further deposits or withdrawals while the team assessed the risk.
What's known about the stolen funds
So far, only a small fraction of the minted tokens were swapped—about $91,000 worth of ETH. The remaining 5.4 trillion vsdCRV tokens are still in the attacker's wallet or have been moved to other addresses. Because the tokens were minted rather than stolen from users, the direct financial loss is limited to the attacker's ETH gains. But the disruption to lending markets and vaults could have broader consequences if the attacker tries to dump more tokens.
Next steps for the affected platforms
StakeDAO has not yet released a public statement about the exploit or a timeline for restoring normal operations. Beefy Finance said the paused vault will remain inactive until the team deems it safe. Curve Finance's lending market is still functioning, but users should watch for any unusual activity. The hacker's wallet remains active, and the minted tokens could be used in further attacks. Regulators and security firms are likely tracking the movement of the funds.
