- An attacker used a compromised private key to mint 5.4 trillion vsdCRV tokens on Arbitrum, netting roughly $91,000.
- This is the second security incident for Stake DAO in under three months, following a $175,000 exploit in March.
- The hack has fueled a public debate among industry experts on the fundamental security of DeFi protocols in the age of AI.
The long-running DeFi platform Stake DAO was hacked on May 26, 2026, due to an apparent private key compromise on the Arbitrum network. An attacker was able to mint 5.4 trillion of the project’s vsdCRV tokens using a malicious contract. Consequently, the Hacker swapped a portion for 44 ETH before bridging the $91,000 profit to Ethereum.
Blockaid explains the exploit reconfigured a LayerZero contract to grant minting authority. Meanwhile, Stake DAO posted it was aware of the situation and warned users. The platform suffered a separate attack in March, though most of those funds were later returned.
This incident occurred amid a heated debate on DeFi security. Hours prior, OpenZeppelin co-founder Manuel Aráoz stated he now considers all of DeFi unsafe. He argued that “coding agents are superhuman at finding vulnerabilities” in an asymmetric security landscape. However, former Aave delegate Marc Zeller argues most losses stem from configuration errors, not smart contract exploits.
Pseudonymous developer banteg agrees that one small mistake is catastrophic. They noted recent hacks are dominated by privileged key compromises. This ongoing crisis of confidence challenges the resilience of established DeFi protocols.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
