BlackHart

StakeDAO

May 27, 2026 · Arbitrum · Cross-chain trust binding hijack via private key compromise
$91K total loss
Status: Confirmed

An attacker stole the private key to StakeDAO's deployer wallet on Arbitrum and used it to redirect the vsdCRV token's trusted cross-chain link to a contract they controlled on Ethereum. They then forged a cross-chain message that minted roughly 5.4 trillion vsdCRV out of thin air, dumped what little liquidity existed for about 43.78 ETH (around $91,000), and bridged the proceeds to Ethereum where the funds still sit untouched. Locked sdCRV collateral on Ethereum, other StakeDAO products, and user deposits were not affected. The team has already locked out the compromised key and reset the cross-chain trust setting.

Locked sdCRV collateral on Ethereum: safe
Other StakeDAO products and rewards: safe
User deposits and positions on the Ethereum side: safe
vsdCRV token on Arbitrum: drained (5.4 trillion phantom tokens minted; token migration likely needed)
vsdCRV DEX liquidity on Arbitrum: drained (about $91K extracted across 28 swaps)
What the score saw

StakeDAO was not in our scored portfolio at the time of this attack. The failure mode, a single deployer wallet holding outsized authority over cross-chain trust settings with no multisig or timelock in front of it, is the pattern we flag in roughly ninety other protocols we do score. It is the same class of failure, a single point of trust over admin or cross-chain authority, that broke Drift, Polymarket, and Kelp DAO earlier this year, reached in each case through a different compromise vector.

Exploit anatomy

The attacker, using the compromised StakeDAO deployer wallet, signed a setPeer transaction on Arbitrum that pointed the vsdCRV token's trusted cross-chain peer at an attacker contract on Ethereum. A forged cross-chain message from that contract then minted 5.4 trillion vsdCRV to the attacker's wallet, which dumped them across 28 swaps and bridged the proceeds via Stargate to Ethereum mainnet.
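The sequence above has a simple on-chain signature: a PeerSet on an OFT, then an inbound credit far larger than the token's existing supply minutes later. The detection rule below is an added editorial example, not Blockaid's detector or BlackHart's production pipeline. It runs over a constructed event stream; the event names follow the LayerZero V2 OApp/OFT interfaces (PeerSet, OFTSent, OFTReceived), while the contract labels, peer labels, timestamps and amounts are constructed for the demo.

```python
# Added example (editorial, not Blockaid's or BlackHart's production code):
# flag an OFT whose trusted peer changed and that then credited an inbound
# amount out of proportion to its pre-change supply within a short window.
# Event names follow LayerZero V2 OApp/OFT; all field values are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int            # unix seconds
    contract: str      # emitting OFT (constructed label)
    name: str          # PeerSet | OFTSent | OFTReceived
    args: dict


def detect_peer_swap_mints(events, initial_supply, window=3600, supply_ratio=0.10):
    """
    One alert per OFTReceived that (a) lands within `window` seconds of a PeerSet
    for the same source eid on the same contract and (b) credits more than
    `supply_ratio` of the local supply recorded when that PeerSet was emitted.
    Supply is tracked from OFTSent (burn) and OFTReceived (mint) events.
    """
    alerts = []
    supply = dict(initial_supply)          # contract -> local supply in 18-decimal units
    last_peer_set = {}                     # (contract, eid) -> (PeerSet event, supply at that time)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.name == "PeerSet":
            last_peer_set[(e.contract, e.args["eid"])] = (e, supply.get(e.contract, 0))
        elif e.name == "OFTSent":
            supply[e.contract] = supply.get(e.contract, 0) - e.args["amountSentLD"]
        elif e.name == "OFTReceived":
            amt = e.args["amountReceivedLD"]
            key = (e.contract, e.args["srcEid"])
            if key in last_peer_set:
                ps, pre = last_peer_set[key]
                if 0 <= e.ts - ps.ts <= window and amt > supply_ratio * pre:
                    alerts.append({"contract": e.contract, "peer_set_ts": ps.ts,
                                   "receive_ts": e.ts, "new_peer": ps.args["peer"],
                                   "amount_ld": amt, "supply_before_ld": pre,
                                   "ratio": (amt / pre) if pre else float("inf")})
            supply[e.contract] = supply.get(e.contract, 0) + amt
    return alerts


def sample_events():
    """Constructed stream: the StakeDAO pattern plus a benign peer migration elsewhere."""
    T0 = 1_779_872_400                  # 2026-05-27 09:00:00 UTC, the setPeer minute
    e18 = 10 ** 18
    return [
        # vsdCRV OFT on Arbitrum: trust swap, then the phantom mint 17 minutes later
        Event(T0, "vsdCRV-arbitrum", "PeerSet", {"eid": 30101, "peer": "attacker-peer"}),
        Event(T0 + 17 * 60, "vsdCRV-arbitrum", "OFTReceived",
              {"srcEid": 30101, "toAddress": "attacker-wallet",
               "amountReceivedLD": 5_446_744_073_710 * e18}),
        # an unrelated OFT doing a planned peer migration followed by ordinary volume
        Event(T0 - 300, "other-oft", "PeerSet", {"eid": 30101, "peer": "new-adapter"}),
        Event(T0 + 600, "other-oft", "OFTReceived",
              {"srcEid": 30101, "toAddress": "user-a", "amountReceivedLD": 40_000 * e18}),
        Event(T0 + 700, "other-oft", "OFTSent", {"dstEid": 30101, "amountSentLD": 10_000 * e18}),
        # large credit from a source eid whose peer did not change: not the pattern
        Event(T0 + 800, "other-oft", "OFTReceived",
              {"srcEid": 30184, "toAddress": "user-b", "amountReceivedLD": 4_000_000 * e18}),
    ]


SAMPLE_SUPPLY = {"vsdCRV-arbitrum": 2_000_000 * 10 ** 18,   # constructed pre-attack supplies
                 "other-oft": 5_000_000 * 10 ** 18}


def run_sample(window=3600):
    return detect_peer_swap_mints(sample_events(), SAMPLE_SUPPLY, window=window)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

The rule keys on the pair (contract, source eid), so a peer change for one remote chain does not taint credits from another, and it reads supply from the OFT's own events rather than from an RPC call, which keeps it usable against archived logs.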

Fund flow

Source: Tornado Cash, 1 ETH withdrawal, three days before the attack
Intermediate wallet (OPSEC cooldown): 0x58baE3Cb...de2f19
Takeover: compromised deployer signed setPeer on the vsdCRV token: 0x000755Fb...d1ff62
Attacker wallet on Arbitrum (received the 5.4 trillion mint): 0xeF3C054d...77aa25
DeFi monetization: 28 swaps to ETH via Curve, KyberSwap, MetaMask Router, Enso; 43.78 ETH extracted
Bridge: Stargate native ETH bridge, Arbitrum to Ethereum, one minute: 0x8e60b7b6...19286e
Recipient: attacker wallet on Ethereum, 43.97 ETH untouched: 0xeF3C054d...77aa25
Full forensic detail

Step-by-step reconstruction, root cause, counterfactuals, remediation, and disclosure timeline.

Exploit anatomy

1. Three days before the attack, the attacker withdrew 1 ETH from Tornado Cash to an intermediate wallet on Ethereum, breaking the public link between the funding source and any subsequent attacker identity.
2. At some point before the attack, the attacker obtained the private key for StakeDAO's deployer wallet on Arbitrum. The exact exfiltration vector has not been publicly confirmed; common patterns at this layer are cloud secret leaks, social engineering of an engineer, compromised CI/CD signing infrastructure, or a leaked .env in a deployment pipeline.
3. On 2026-05-27 at 08:52 UTC the attacker provisioned gas on Arbitrum to a fresh wallet 0xeF3C054d...aa25 via Relay, a permissionless cross-chain swap aggregator that does not require identity verification.
4. At 09:00 UTC the compromised deployer wallet signed setPeer(eid=30101, peer=0x00380be1...1106) on the vsdCRV OFT contract at 0x62d5a59e...c833. Endpoint id 30101 is Ethereum mainnet, so this single state change replaced the legitimate Ethereum-side counterparty with an attacker-deployed look-alike.
5. At 09:17 UTC a cross-chain message arrived at the Arbitrum LayerZero endpoint, originating from the attacker's malicious peer contract on Ethereum. The message carried a near-maximum uint64 amount value. The vsdCRV contract accepted it as authoritative because the peer mapping now pointed at the attacker.
6. The OFT scaled the shared amount by 10^12 (to convert from 6-decimal cross-chain shared units to 18-decimal local units) and minted 5,446,744,073,710 vsdCRV directly to the attacker.
7. Between 09:17 and 09:43 UTC the attacker ran 28 sequential vsdCRV-to-ETH swaps across Curve, KyberSwap, MetaMask Swap Router, and Enso aggregators. Available liquidity for vsdCRV was tiny compared to the 5.4 trillion mint, so each swap immediately hit deep price impact. Total extraction across all swaps was 43.78 ETH.
8. At 10:04 UTC the attacker bridged 43.78 ETH from Arbitrum to Ethereum mainnet via Stargate's native ETH bridge. One minute later, 43.97 ETH was credited to the same attacker wallet on Ethereum, where it sits untouched at forensic report time.
9. Within hours, StakeDAO transferred ownership of the vsdCRV OFT contract to a fresh address 0x52ea58f4...87DC, locking out the compromised deployer. The Ethereum-side trust peer was reset to a new legitimate adapter at 0x92b8d4d4...21e95. The protocol-side attack window is closed.
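Steps 4 to 6 are reproduced below as an added editorial simulation of the OFT receive path; this is not StakeDAO's or LayerZero's code. The message layout (bytes32 sendTo followed by a big-endian uint64 amountSD) follows the LayerZero V2 OFT codec and the 10^12 conversion matches the 6-to-18 decimal scaling in step 6; the owner label, the peer byte strings, the recipient and the exact amountSD are constructed, the last chosen so the minted amount rounds to the reported figure.

```python
# Added example (editorial, not StakeDAO's or LayerZero's code): the OFT
# receive path with only the two pieces of state that mattered, owner and
# peers. Labels, peer ids, recipient and the exact amountSD are constructed.
from dataclasses import dataclass, field

EID_ETHEREUM = 30101                       # LayerZero V2 endpoint id for Ethereum mainnet
SHARED_DECIMALS = 6                        # cross-chain unit of account
LOCAL_DECIMALS = 18                        # vsdCRV on Arbitrum
DECIMAL_CONVERSION_RATE = 10 ** (LOCAL_DECIMALS - SHARED_DECIMALS)   # 10**12
UINT64_MAX = 2 ** 64 - 1


def encode_oft_msg(send_to: bytes, amount_sd: int) -> bytes:
    """OFT message body: bytes32 recipient followed by uint64 amountSD (big-endian)."""
    if len(send_to) != 32 or not 0 <= amount_sd <= UINT64_MAX:
        raise ValueError("bad OFT message fields")
    return send_to + amount_sd.to_bytes(8, "big")


def decode_oft_msg(msg: bytes) -> tuple[bytes, int]:
    if len(msg) < 40:
        raise ValueError("short OFT message")
    return msg[:32], int.from_bytes(msg[32:40], "big")


@dataclass(frozen=True)
class Origin:
    src_eid: int
    sender: bytes        # bytes32 id of the sending OApp on the source chain
    nonce: int


@dataclass
class SimpleOFT:
    owner: str
    peers: dict = field(default_factory=dict)       # eid -> bytes32 peer
    balances: dict = field(default_factory=dict)    # bytes32 recipient -> amountLD
    total_supply: int = 0

    def set_peer(self, caller: str, eid: int, peer: bytes) -> None:
        if caller != self.owner:
            raise PermissionError("Ownable: caller is not the owner")
        self.peers[eid] = peer          # the single state write that moves trust, effective at once

    def lz_receive(self, origin: Origin, message: bytes) -> int:
        # onlyPeer is the entire authentication of an inbound credit
        if self.peers.get(origin.src_eid) != origin.sender:
            raise ValueError("OFT: invalid peer")
        to, amount_sd = decode_oft_msg(message)
        amount_ld = amount_sd * DECIMAL_CONVERSION_RATE    # _toLD: 6 -> 18 decimals
        self.balances[to] = self.balances.get(to, 0) + amount_ld
        self.total_supply += amount_ld                     # mint: no cap, no delay
        return amount_ld


def whole_tokens(amount_ld: int) -> int:
    """Round an 18-decimal amount to whole tokens without going through floats."""
    return (amount_ld + 5 * 10 ** (LOCAL_DECIMALS - 1)) // 10 ** LOCAL_DECIMALS


def replay_incident() -> dict:
    deployer = "stakedao-deployer-eoa"              # constructed label for the compromised key
    legit_adapter = b"\x11" * 32                    # stand-in for the real Ethereum-side adapter
    attacker_peer = b"\xbb" * 32                    # stand-in for the attacker's look-alike contract
    attacker_wallet = b"\x00" * 12 + b"\xee" * 20   # bytes32-padded constructed address

    oft = SimpleOFT(owner=deployer)
    oft.set_peer(deployer, EID_ETHEREUM, legit_adapter)

    # amountSD constructed so amountLD rounds to the reported 5,446,744,073,710 vsdCRV
    amount_sd = 5_446_744_073_709_551_615
    forged = encode_oft_msg(attacker_wallet, amount_sd)
    origin = Origin(EID_ETHEREUM, attacker_peer, nonce=1)

    try:                                            # same message before the peer swap: rejected
        oft.lz_receive(origin, forged)
        rejected_before_swap = False
    except ValueError:
        rejected_before_swap = True

    oft.set_peer(deployer, EID_ETHEREUM, attacker_peer)   # step 4, signed with the stolen key
    minted_ld = oft.lz_receive(origin, forged)            # steps 5 and 6
    return {
        "rejected_before_swap": rejected_before_swap,
        "minted_ld": minted_ld,
        "minted_tokens": whole_tokens(minted_ld),
        "attacker_balance_ld": oft.balances[attacker_wallet],
    }


if __name__ == "__main__":
    print(replay_incident())
```

The point the simulation makes is that nothing between set_peer and lz_receive consults anything other than the peers mapping: the same forged message is an "invalid peer" revert one transaction before the swap and a 5.4 trillion token mint one transaction after it.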

Root cause

StakeDAO's vsdCRV token on Arbitrum is implemented as a LayerZero V2 OFT, which lets the contract owner reconfigure the trusted Ethereum-side counterparty at any time via a single setPeer call. The deployer wallet that held this owner authority was a single externally owned account, not a multisig, and there was no timelock or cooldown between a peer change and the first cross-chain message accepted from the new peer. There was also no rate limit on inbound mint amounts. Once the attacker had the private key, the entire cross-chain mint authority on Arbitrum was a single transaction away. The smart contract code is not buggy; the operational architecture around it is the failure surface.

// Simplified architecture of the failure surface (LayerZero V2 OApp/OFT pattern, not the deployed source)
mapping(uint32 eid => bytes32 peer) public peers;   // one trusted counterparty per remote endpoint id

function setPeer(uint32 _eid, bytes32 _peer) external onlyOwner {
    peers[_eid] = _peer;  // single state write reconfigures cross-chain trust, effective immediately
    emit PeerSet(_eid, _peer);
}

function _lzReceive(
    Origin calldata _origin, bytes32 /*_guid*/, bytes calldata _message, address /*_executor*/, bytes calldata /*_extraData*/
) internal override {
    // onlyPeer check: any message whose source matches peers[srcEid] passes
    require(peers[_origin.srcEid] == _origin.sender, "OFT: invalid peer");
    // after that check the payload is trusted as-is: recipient and 6-decimal shared amount straight from the wire
    (address recipient, uint64 amountSD) = _decodeOFT(_message);   // stand-in for the OFT message codec
    _mint(recipient, uint256(amountSD) * decimalConversionRate);   // attacker-controlled because peer was attacker-controlled; no cap, no delay
}


Similar incidents

Kelp DAO

Same cross-chain trust binding architecture, different compromise vector. Kelp was hit at the verifier infrastructure layer (poisoned RPC nodes feeding a single DVN); StakeDAO was hit at the OApp owner layer (one private key exfiltrated). Both end the same way: a forged cross-chain message authorizing unauthorized minting on the destination chain.

Multichain (Anyswap)

Cross-chain bridge admin custody compromised, leading to unauthorized minting and drain of bridge-controlled assets. Identical risk class at the architectural level: privileged custodial role over cross-chain trust binding with insufficient operational hardening.

Wintermute (Sep 2022)

Single externally owned account holding outsized authority, private key extracted by a flaw in the address-generation tool. Same anti-pattern at a different layer of the stack.

Polymarket

Operational private key compromise, single wallet with admin-equivalent authority over protocol-adjacent value. Same dimensional failure: operational security plus access control. StakeDAO is the more severe variant because the compromised authority controlled cross-chain trust rather than a hot wallet balance.

Drift Protocol

Admin key compromise leading to a single privileged transaction authorizing large-scale value extraction. Centralized admin authority with no multisig or timelock wrapping.

Remediation

1. Done: ownership of the vsdCRV OFT on Arbitrum transferred from the compromised deployer to a fresh address (0x52ea58f4...87DC). The compromised deployer's authority over this contract is fully revoked.
2. Done: peers[30101] reset to a new legitimate Ethereum-side adapter (0x92b8d4d4...21e95). The attack window through the malicious peer is closed.
3. Required next step: rotate every key the compromised deployer wallet ever held across every chain and every contract. Audit any CI/CD secret store, deploy script repository, signer device, or cloud credential that had access.
4. Required next step: plan a vsdCRV token migration or holder snapshot/swap. The 5.4 trillion phantom mint cannot be unminted on-chain; the only clean fix is a new token contract with balances seeded from a pre-attack snapshot.
5. Recommended: migrate the new owner from a single externally owned account to a multisig with a meaningful threshold. Pair it with a timelock on setPeer and any other privileged cross-chain configuration call.
6. Recommended: coordinate with centralized exchange compliance teams to flag the 43.97 ETH attacker address on Ethereum. The funds sit untouched and are a recoverable target with the right outreach.
7. Portfolio-wide: any LayerZero OFT deployment in production that uses a single externally owned account as owner without a multisig or timelock should be treated as a P0 hardening target until that wrapping is in place.
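The root cause section names two missing controls, a delay between a peer change and the first message accepted from the new peer, and a cap on inbound mint amounts, and remediation item 5 asks for a timelock on setPeer. The following is an added editorial sketch of that owner-authority model, not StakeDAO's code and not a LayerZero library: a two-step propose/activate peer change with a guardian veto, plus a per-window inbound credit cap. Role labels, the 48-hour delay, the cap and the window are constructed parameters; a production deployment would put a multisig behind the owner role.

```python
# Added example (editorial, not StakeDAO's or LayerZero's code): setPeer as a
# delayed two-step change with a guardian veto, and a rate limit on inbound
# credits. Role names, delay, cap and window are constructed parameters.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PendingPeer:
    peer: bytes
    eta: int            # earliest timestamp at which the change can be activated


@dataclass
class HardenedOFT:
    owner: str          # in production a multisig with a real threshold, never a lone EOA
    guardian: str       # may cancel a pending change, may not configure anything
    peer_delay: int     # seconds between propose_peer and activate_peer
    inbound_cap_ld: int # max amountLD credited per source eid per window
    window: int         # seconds
    peers: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)
    credited: dict = field(default_factory=dict)   # eid -> (window_start, used)
    total_supply: int = 0

    def propose_peer(self, caller: str, eid: int, peer: bytes, now: int) -> int:
        if caller != self.owner:
            raise PermissionError("not owner")
        self.pending[eid] = PendingPeer(peer, now + self.peer_delay)
        return self.pending[eid].eta      # public: monitoring gets the whole delay to react

    def cancel_peer(self, caller: str, eid: int) -> None:
        if caller not in (self.owner, self.guardian):
            raise PermissionError("not owner or guardian")
        self.pending.pop(eid, None)

    def activate_peer(self, caller: str, eid: int, now: int) -> None:
        if caller != self.owner:
            raise PermissionError("not owner")
        p = self.pending.get(eid)
        if p is None or now < p.eta:
            raise RuntimeError("peer change not ready")
        self.peers[eid] = p.peer
        del self.pending[eid]

    def lz_receive(self, src_eid: int, sender: bytes, amount_ld: int, now: int) -> int:
        if self.peers.get(src_eid) != sender:
            raise ValueError("OFT: invalid peer")
        start, used = self.credited.get(src_eid, (now, 0))
        if now - start >= self.window:            # fixed window per source chain
            start, used = now, 0
        if used + amount_ld > self.inbound_cap_ld:
            raise ValueError("inbound rate limit exceeded")
        self.credited[src_eid] = (start, used + amount_ld)
        self.total_supply += amount_ld
        return amount_ld


def scenario() -> dict:
    """Replay the incident against the hardened model with a stolen owner key."""
    EID_ETHEREUM = 30101
    legit, attacker = b"\x11" * 32, b"\xbb" * 32
    oft = HardenedOFT(owner="multisig", guardian="guardian", peer_delay=48 * 3600,
                      inbound_cap_ld=1_000_000 * 10 ** 18, window=3600)
    oft.peers[EID_ETHEREUM] = legit               # deployment-time configuration
    phantom = 5_446_744_073_710 * 10 ** 18        # the reported mint, in local units

    # 1. the stolen owner key proposes the attacker peer; trust does not move yet
    eta = oft.propose_peer("multisig", EID_ETHEREUM, attacker, now=0)
    try:
        oft.activate_peer("multisig", EID_ETHEREUM, now=600)
        activated_early = True
    except RuntimeError:
        activated_early = False
    # 2. the forged message is still an invalid-peer message 17 minutes later
    try:
        oft.lz_receive(EID_ETHEREUM, attacker, phantom, now=1020)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    # 3. the guardian uses the delay window to veto once the proposal is noticed
    oft.cancel_peer("guardian", EID_ETHEREUM)
    # 4. even via the legitimate peer, a credit above the cap is refused
    try:
        oft.lz_receive(EID_ETHEREUM, legit, phantom, now=1100)
        oversize_accepted = True
    except ValueError:
        oversize_accepted = False
    normal = oft.lz_receive(EID_ETHEREUM, legit, 250_000 * 10 ** 18, now=1200)
    return {"eta": eta, "activated_early": activated_early, "forged_accepted": forged_accepted,
            "pending_after_veto": EID_ETHEREUM in oft.pending,
            "oversize_accepted": oversize_accepted, "normal_credit_ld": normal,
            "peer_unchanged": oft.peers[EID_ETHEREUM] == legit}


if __name__ == "__main__":
    print(scenario())
```

Neither control fixes a compromised key; what they buy is time and a ceiling. A public proposal with a 48-hour eta is exactly the kind of event a monitoring rule can page on, and a per-window cap turns a supply-sized mint into a bounded loss even if the delay is somehow waited out.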

Timeline

2026-05-24: 1 ETH withdrawn from Tornado Cash to intermediate wallet 0x58baE3CbD2A3E0e8D45802Ba9E4D8ACAB9de2f19. Three-day OPSEC cooldown before the attack.
2026-05-27 08:52 UTC: Gas funded on Arbitrum to fresh attacker wallet 0xeF3C054d...aa25 via the Relay swap aggregator.
2026-05-27 09:00 UTC: Compromised StakeDAO deployer signs the setPeer transaction on the vsdCRV OFT contract, redirecting Ethereum-side trust to attacker contract 0x00380be1...1106.
2026-05-27 09:17 UTC: Forged cross-chain message arrives at the Arbitrum endpoint and mints 5,446,744,073,710 vsdCRV (about 5.4 trillion tokens) to the attacker wallet.
2026-05-27 09:17 to 09:43 UTC: Attacker executes 28 sequential vsdCRV-to-ETH swaps across Curve, KyberSwap, MetaMask Router, and Enso. Total extracted: 43.78 ETH (about $91,000).
2026-05-27 10:04 UTC: 43.78 ETH bridged via Stargate from Arbitrum to Ethereum mainnet.
2026-05-27, about one minute later: 43.97 ETH credited to the attacker wallet on Ethereum. Funds untouched at forensic report time.
2026-05-27: Blockaid publicly alerts on the ongoing exploit on X, listing key transaction hashes and addresses.
2026-05-27: StakeDAO transfers vsdCRV OFT ownership to a fresh address and resets the Ethereum-side peer to a new legitimate adapter. Protocol-side attack window closed.
2026-05-27BlackHart hack-forensics pipeline publishes HACK-STAKEDAO-2026-001.
Credits: Blockaid (initial detection and attribution), BlackHart (six-phase forensic pipeline, on-chain verification, cross-portfolio at-risk scan)