Stake DAO has suffered a significant security breach on the Arbitrum network, resulting in the illegal minting of approximately 5.44 trillion vsdCRV tokens. The attacker reportedly gained access to the protocol deployer's private key and altered the LayerZero v2 endpoint configuration, enabling the creation of fraudulent cross-chain messages. This exploit allowed the attacker to mint tokens directly to their wallet without market purchases. Blockchain security firm Blockaid revealed that the attacker has already sold some of the tokens, converting them into about 43.78 ETH, which has been transferred back to the Ethereum mainnet. The Stake DAO team is actively investigating the breach, focusing on the private key compromise and potential impacts on other contracts. Users have been advised to revoke authorizations to mitigate further risks.