Build with CoinStats’ all-in-one API. Learn more

EnglishDeutsch한국어日本語EspañolFrançaisՀայերենNederlandsРусскийItalianoPortuguêsTürkçe投资组合跟踪工具掉期交易加密货币定价Crypto API集成新闻赚取博客NFT小工具DeFi投资组合跟踪器加密货币游戏24小时报告新闻资料包API文档
CoinStats

Stake DAO Exploit Shows Why “Audited” Doesn’t Mean Safe In DeFi

2月 之前
看涨:

0

看跌:

0

The Stake DAO exploit on Wednesday compromised the protocol’s Arbitrum deployer key. An attacker minted roughly 5.4 trillion fake Vote-Boosted sdCRV (vsdCRV) tokens before swapping them for ether through a public router.

The breach bypassed every smart-contract control in place. A single private key with privileged rights has driven hundreds of millions in DeFi losses this year.

How the Stake DAO exploit happened

On-chain alerts from Blockaid traced the breach to a Stake DAO deployer wallet. The attacker used the key to reset the LayerZero v2 bridge peer for vsdCRV.

Roughly 25 seconds later, a forged cross-chain message minted 5.4 trillion vsdCRV on Arbitrum.

The attacker dumped the tokens for ether through MetaMask’s public router. No smart-contract flaw was found.

Notably, a recent LayerZero exploit on KelpDAO occured through similar peer-configuration abuse.

A Familiar Pattern of Key Compromises

The Stake DAO exploit follows the same template as April’s Wasabi Protocol drain. A compromised deployer wallet pulled around $4.5 million from vaults on four chains.

Drift Protocol lost $285 million on Solana that same month. Arbitrum’s KelpDAO freeze followed a $292 million bridge exploit weeks later.

Each protocol had passed audits. The failure sat above the code, in the keys that set bridge peers or upgrade implementations. Resolv’s $80 million mint earlier this year fit the same mold

“The question DeFi has to answer in 2026 is no longer whether protocols get audited, because almost all of them do. It is whether the small set of operational keys behind those audited contracts… are still allowed to live as a single object on a single laptop,” Sodot co-founder Shalev Keren told BeInCrypto, adding that audits no longer answer the central question.

For Stake DAO and its peers, multisig wallet protections need to sit between deployer keys and forged mints. Otherwise, the next DeFi platform compromise will trace back to a single laptop, not bad code.

2月 之前
看涨:

0

看跌:

0

从同一位置管理所有加密资产、NFT 和 DeFi 资产

安全地关联您正在使用的投资组合,以开始交易。