Stake DAO vsdCRV exploit highlights hidden risks inside one-click DeFi yield vaults

Stake DAO's vsdCRV on Arbitrum was exploited after a suspected deployer-key compromise, enabling the minting of 5,446,744,073,709 tokens and swaps into about 43.78 ETH. The incident prompted Stake DAO, Curve, and Beefy Finance to pause or warn on affected products, underscoring how automated vaults can conceal dependencies like cross-chain messaging, wrapper accounting, and key control.