Stake DAO, a DeFi platform focused on automated yield strategies, is facing an ongoing exploit, multiple blockchain security firms reported on Wednesday.
The attacker minted over 5.4 trillion vsdCRV on Arbitrum and is actively swapping it for ETH, Blockaid noted on X. PeckShield said that, so far, part of the funds had been swapped for 43.78 ETH ($91,000) and bridged to Ethereum.
vsdCRV, or vote-boosted sdCRV, is a yield-related derivative token tied to the Curve Finance ecosystem and used within Stake DAO.
Stake DAO said it was aware of the situation and urged users not to interact with vsdCRV.
The suspected root cause is a compromised Stake DAO deployer private key, the researchers said.
