Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Stake DAO Assures Users After vsdCRV Exploit and Bridge Shutdown

The protocol confirmed the impact was contained to Arbitrum, with Boosted yields, Liquid Lockers, Votemarket, and Morpho lending unaffected.

Written By Dhara Chavda
Published 2026-05-28·Updated 2 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
Stake DAO Assures Users After vsdCRV Exploit and Bridge Shutdown
Show AI Summary
Stake DAO confirmed that contributors secured the vsdCRV backing on Ethereum mainnet before the attacker could seize it.
The protocol said Boosted yields, Liquid Lockers, Votemarket, and Stake DAO lending on Morpho are all unaffected.
The Arbitrum asdCRV Llamalend market is being sunset, with crvUSD depositors directed to move funds to other Llamalend markets.

Stake DAO published its first substantive update on the vsdCRV exploit, roughly 24 hours after an attacker compromised the protocol’s deployer private key and minted 5.4 trillion vsdCRV tokens on Arbitrum.

The key takeaway: the protocol says no mainnet funds were lost to the attacker.

“Preliminary investigation indicates an unauthorised party (attacker) minted vsdCRV on Arbitrum,” Stake DAO wrote on X. “Contributors quickly secured the vsdCRV backing on mainnet (no funds seizable by the attacker) and closed the vsdCRV bridge, containing the impact to Arbitrum.”

Update on yesterday's incident: preliminary investigation indicates an unauthorised party (attacker) minted vsdCRV on Arbitrum.

Contributors quickly secured the vsdCRV backing on mainnet (no funds seizable by the attacker) and closed the vsdCRV bridge, containing the impact to… https://t.co/Z73Bz9FiAi

— Stake DAO (@StakeDAOHQ) May 28, 2026

What Was Affected — and What Wasn’t

Stake DAO provided a clear breakdown of what remains operational and what does not.

Unaffected: Boosted yields, Liquid Lockers, Votemarket, and Stake DAO lending on Morpho. The protocol said its current assessment shows these core products were not impacted by the exploit.

Affected: The Arbitrum asdCRV Llamalend market is being sunset. Stake DAO directed crvUSD depositors in that market to move their funds to other Llamalend markets. Curve Finance had separately advised users to exit Llamalend positions involving asdCRV on the day of the exploit to avoid liquidation risk.

The vsdCRV bridge between Ethereum and Arbitrum has been permanently closed, meaning no further cross-chain minting or transfers of vsdCRV are possible.

How the Containment Worked

The exploit, first flagged by Blockaid on May 27, involved a compromised deployer key that was used to reconfigure the LayerZero v2 OFT peer on the vsdCRV token contract. The attacker redirected trust from the legitimate Ethereum-side vsdCRVOFTAdapter to a malicious contract, then forged a cross-chain message that triggered unconditional minting of 5,446,744,073,709 vsdCRV on Arbitrum.

The critical detail in Stake DAO’s update is that contributors secured the vsdCRV backing on Ethereum mainnet before the attacker could bridge the exploit back to L1. By closing the bridge, the protocol isolated the damage to Arbitrum—where the attacker had minted trillions of tokens but could only extract approximately 43.78 ETH (~$91,000) due to near-zero DEX liquidity in vsdCRV pools.

Onchain analyst EmberCN had noted on the day of the exploit that vsdCRV pools held only tens of thousands of dollars in liquidity, making the 5.4 trillion minted tokens ($763 billion nominal value) almost entirely unexitable. The containment strategy — securing mainnet backing and cutting the bridge — effectively locked the attacker on the wrong side of the exploit.

Law Enforcement Involved

Stake DAO confirmed that “law enforcement is ongoing, and security partners are involved.” The protocol did not name the security firms or law enforcement agencies but indicated that more details would follow.

This is a notable escalation from the protocol’s initial response on May 27, which consisted only of a brief acknowledgement and a warning not to interact with vsdCRV.

What Remains Open

Stake DAO has not yet published a full post-mortem. Key questions remain unanswered: how the deployer private key was compromised, whether the key was stored in a hardware wallet or hot wallet, why a single deployer key had sufficient permissions to reconfigure the LayerZero OFT peer without multisig approval, and whether any other Stake DAO contracts share similar key management architecture.

The protocol’s TVL stands at approximately $151 million, with only a small portion directly exposed on Arbitrum. The fact that mainnet backing was secured before the attacker could seize it suggests the response team acted quickly—but the underlying question of how a single compromised key could trigger an unlimited mint remains the same vulnerability pattern that has driven the costliest DeFi exploits of 2026.

Also Read: 40+ DeFi Protocols Shut Down in 2026: Inside the $770M Hack Crisis Reshaping Crypto

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto HackDAO
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Binance.US Plots Market Comeback Targeting 20% Market Share
Binance.US Plots Market Comeback Targeting 20% Market Share
Lumi Finance Drained of $270K on Arbitrum via Smart Account Exploit
Lumi Finance Drained of $270K on Arbitrum via Smart Account Exploit
LAB Token Price Drops 99% to $0.27 Amid On-Chain Scandals & July 14 Unlocks 
LAB Token Price Drops 99% to $0.27 Amid On-Chain Scandals & July 14 Unlocks 
Bitcoin Mining Miracle: A $150 Miner Wins $200K BTC in Block Reward
Bitcoin Mining Miracle: A $150 Miner Wins $200K BTC in Block Reward
Robinhood Makes $816K, Pays ETH Just $1.5K Lubin Defends Ethereum L1 Value
Robinhood Makes $816K, Pays ETH Just $1.5K: Lubin Defends Ethereum L1 Value

Find Us on Socials

You may also like

Aave Picks Chainlink CCIP to Power Upcoming Multi-Chain App

Aave Picks Chainlink CCIP to Power Upcoming Multi-Chain App

JIP-38 Approved: Jito to Use JTX Revenue for JTO Buybacks

JIP-38 Approved: Jito to Use JTX Revenue for JTO Buybacks

BonkDAO Updates Community After $20M Treasury Governance Incident

BonkDAO Updates Community After $20M Treasury Governance Incident

PHX-WBNB Liquidity Pool Drained of Nearly $90K in BNB Chain Exploit

PHX-WBNB Liquidity Pool Drained of Nearly $90K in BNB Chain Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information