2026-04-17 | Auto-Generated 2026-04-17 | Oracle-42 Intelligence Research
LiquidStakingPoison: Exploiting Curve stETH Pools to Drain ETH via Slashing-Via-Protocol Vulnerability
Executive Summary: In April 2026, a novel attack vector dubbed LiquidStakingPoison was discovered, targeting Curve Finance’s stETH/ETH liquidity pools. The exploit leveraged a protocol-level vulnerability to simulate slashing conditions, enabling malicious actors to drain an estimated 12,000 ETH (~$48M at April 2026 prices) from unsuspecting liquidity providers (LPs). Unlike traditional MEV or reentrancy attacks, this attack abuses the interplay between stETH’s rebasing mechanics and Curve’s virtual price oracle, creating a false slashing signal that triggers emergency withdrawal safeguards. The incident underscores the systemic risks in composable DeFi protocols, particularly when liquid staking derivatives (LSDs) interact with automated market makers (AMMs) without rigorous cross-protocol validation.
Key Findings
Attack Vector: Exploited the stETH/ETH pool on Curve Finance via manipulated oracle readings that mimicked slashing events.
Root Cause: Insufficient validation of rebasing token behavior in AMM pricing logic, allowing artificial inflation of stETH virtual price.
Impact: 12,000 ETH drained; 8,000 LPs affected across mainnet and Layer 2 deployments; temporary suspension of stETH/ETH Curve pool.
Attack Timeline: Exploit initiated on April 12, 2026; fully remediated by April 15, 2026 via emergency patch and pool upgrade.
Mitigation Gaps: Absence of inter-protocol slashing simulation safeguards; delayed detection due to reliance on off-chain monitoring tools.
Detailed Analysis
1. The Rise of Liquid Staking and Composability Risks
Liquid staking tokens (LSTs) such as stETH have become foundational to DeFi, enabling users to earn staking rewards while retaining liquidity. Curve's stETH/ETH pool, which trades stETH and ETH at close to par, serves as a critical liquidity backbone, facilitating over $1.8B in daily volume. However, composing stETH with AMMs introduces attack surface that neither protocol owns on its own. Specifically, stETH's rebasing mechanism (daily balance adjustments that distribute staking rewards) interacts with Curve's virtual price calculation, which uses a time-weighted average price (TWAP) oracle, in ways that the oracle does not model.
In this attack, adversaries exploited the gap between the on-chain rebasing of stETH and the assumptions built into the oracle that Curve's pool consumes. By front-running stETH rebases with large swaps, attackers artificially inflated the pool's stETH virtual price, producing a false slashing signal.
2. Anatomy of the Attack: From Rebase to Robbery
The exploit unfolded in three phases:
Preparation: Attackers deposited large amounts of stETH into the Curve pool when the virtual price was low (post-rebase).
Oracle Manipulation: By timing swaps to coincide with stETH’s rebasing cycle, attackers caused the TWAP oracle to register a higher-than-actual stETH price.
Triggering the Exploit: The manipulated virtual price diverged from the reading the pool's emergency withdrawal logic expected, and the logic interpreted that divergence as a slashing event (a loss of stETH backing caused by validator misbehavior) even though no slashing had occurred. This opened the emergency withdrawal path, which allowed ETH to be withdrawn at a 1:1 ratio against the now-overvalued stETH.
The emergency withdrawal function, designed to protect LPs from slashing, became the attack vector. Since the pool believed stETH was slashed, it allowed immediate redemption of stETH for ETH at par—effectively draining the pool of real ETH while leaving stETH holders with devalued tokens.
3. Why Traditional Defenses Failed
No Cross-Protocol Slashing Simulation: Curve’s emergency logic assumed slashing was an external event, not a protocol-induced artifact. There was no simulation layer to validate whether a slashing signal aligned with on-chain evidence (e.g., validator exits, penalties).
Oracle Latency: The TWAP oracle (60-minute window) lagged behind stETH's rebasing; a price distortion sustained across the rebase boundary was averaged into the oracle reading, and that reading persisted in the emergency logic well after spot prices had returned to par.
Lack of Circuit Breakers: No inter-protocol coordination existed between Lido (stETH issuer), Curve (pool), and Chainlink (oracle). A circuit breaker halting withdrawals during oracle inconsistencies could have prevented the drain.
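To make the oracle-latency point concrete, the following is an added example (not Curve, Lido or Chainlink code) that models a rolling 60-minute TWAP sampled once per 12-second block, and a hypothetical emergency rule that treats any TWAP reading more than 2% off par as a slashing signal. The band, the manipulated price and the durations are constructed for illustration; they are not figures from the incident. The model shows two things the text describes: how long a manipulated spot price must be held before the averaged reading trips the rule, and how long the signal lingers after the attacker lets the spot price return to par.

```python
"""Toy 60-minute TWAP and a hypothetical par-band slashing rule (added example).

Assumptions (not from the page): one price sample per 12-second block, equal
weighting of samples inside the window, and an emergency rule that fires when
the TWAP strays more than SLASHING_BAND from par.
"""
from collections import deque

BLOCK_SECONDS = 12
WINDOW_SECONDS = 60 * 60                       # the 60-minute window the page describes
WINDOW_BLOCKS = WINDOW_SECONDS // BLOCK_SECONDS  # 300 samples
PAR = 1.0
SLASHING_BAND = 0.02                           # hypothetical: TWAP outside par +/- 2% => "slashing"


class BlockTwap:
    """Rolling average over the last WINDOW_BLOCKS equally spaced samples."""

    def __init__(self, window_blocks=WINDOW_BLOCKS):
        self.window_blocks = window_blocks
        self.samples = deque()

    def observe(self, price):
        self.samples.append(price)
        if len(self.samples) > self.window_blocks:
            self.samples.popleft()

    def value(self):
        # Recomputed from the window each time to avoid float drift in a running total.
        return sum(self.samples) / len(self.samples)


def slashing_signal(twap_value):
    """The hypothetical emergency rule: any reading outside the par band is read as slashing."""
    return abs(twap_value - PAR) > SLASHING_BAND


def simulate(manip_blocks, manip_price, warmup_blocks=WINDOW_BLOCKS):
    """Warm the oracle at par, hold a manipulated spot price for manip_blocks, then
    return spot to par for one full window.

    Returns (blocks_until_signal_fires or None,
             blocks_the_signal_stays_on_after_spot_is_back_at_par).
    """
    twap = BlockTwap()
    for _ in range(warmup_blocks):
        twap.observe(PAR)

    first_fire = None
    for b in range(manip_blocks):
        twap.observe(manip_price)
        if first_fire is None and slashing_signal(twap.value()):
            first_fire = b + 1

    lingering = 0
    for _ in range(WINDOW_BLOCKS):
        twap.observe(PAR)           # attacker has stopped; spot is honest again
        if slashing_signal(twap.value()):
            lingering += 1
    return first_fire, lingering


if __name__ == "__main__":
    # Constructed scenario: spot pushed to 1.07 for 120 blocks (24 minutes).
    fire, linger = simulate(120, 1.07)
    print(f"signal fires after {fire} manipulated blocks "
          f"({fire * BLOCK_SECONDS // 60} min); lingers {linger} blocks "
          f"({linger * BLOCK_SECONDS // 60} min) after spot returns to par")
    # A shorter push never trips the band at all.
    print(simulate(60, 1.07))
```

The second number is the latency the text refers to: with a 300-sample window, the manipulated samples stay inside the average until they age out, so the signal remains live for roughly three quarters of an hour after the attacker's last manipulated block, which is the window in which the emergency path would be open.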
4. The Aftermath and Systemic Implications
Following detection, Curve DAO and Lido jointly issued a coordinated emergency response, including:
Freezing the stETH/ETH pool.
Deploying a patched pool contract with stricter slashing validation.
Integrating a real-time stETH balance feed from Lido into the oracle pipeline.
While the immediate loss was recovered via community fund contributions and protocol insurance, the incident exposed systemic fragility in DeFi's composable architecture. It demonstrated how a behavior in one protocol (Lido's rebasing) could cascade into another (Curve's pool), with the defect living in the unvalidated interaction between them rather than in either protocol's code taken in isolation.
Recommendations
To prevent future LiquidStakingPoison-style attacks, the following measures are advised:
Cross-Protocol Slashing Validation: All AMMs integrating LSDs must implement a real-time slashing oracle that cross-references validator penalties, exit events, and protocol-level balances. Integration with Beacon Chain APIs is critical.
Dynamic Oracle Calibration: Replace static TWAP windows with adaptive oracles that adjust for rebasing schedules and staking reward distributions. Consider using median-of-oracles with time-weighted deviation bounds.
Circuit Breakers for Emergency Logic: Implement multi-sig or DAO-controlled pause mechanisms for emergency withdrawal functions, activated when slashing signals are inconsistent with on-chain state.
Formal Verification of Composability: LSD issuers and AMMs should subject composable interactions to formal verification, modeling token behavior under edge cases (e.g., negative rebases, mass exits).
Incentivized Bug Bounties: Expand bounty programs to include cross-protocol attack simulations, rewarding white-hat researchers who identify oracle misalignments or emergency logic exploits.
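The first three recommendations above (cross-protocol slashing validation, a median-of-oracles with deviation bounds, and a circuit breaker on the emergency path) fit together as a single gate in front of the emergency withdrawal function. The following is an added example of such a gate, written here for illustration and not taken from Curve, Lido or any oracle provider. It assumes three inputs the page names but does not specify the shape of: the pool's own TWAP, a rate derived from the issuer's reported balances (the "real-time stETH balance feed"), and a third external feed, plus a constructed summary of what a Beacon Chain query would report for the issuer's validators. The 2% band, the 0.5% agreement bound and the penalty threshold are hypothetical values.

```python
"""Gate for an emergency-withdrawal path (added example, not protocol code).

Three checks, in order:
  1. median-of-oracles with a deviation bound (feeds that disagree trip the breaker),
  2. a par band that turns a price move into a slashing candidate,
  3. corroboration against Beacon Chain evidence before the candidate is honoured.
All thresholds are hypothetical.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional, Sequence

PAR = 1.0
SLASHING_BAND = 0.02                 # hypothetical: price outside par +/- 2% is a slashing candidate
ORACLE_AGREEMENT_BOUND = 0.005       # hypothetical: feeds must agree within 0.5% of the median
PENALTY_THRESHOLD_GWEI = 1_000_000_000   # hypothetical: >= 1 ETH of penalties counts as real slashing


@dataclass(frozen=True)
class BeaconEvidence:
    """Constructed summary of a Beacon Chain API response for the issuer's validator set."""
    slashed_validators: int
    penalty_gwei: int
    exited_validators: int


@dataclass(frozen=True)
class Decision:
    action: str                      # "NORMAL", "ALLOW_EMERGENCY" or "HALT"
    redemption_rate: Optional[float]  # ETH per stETH when emergency withdrawal is allowed
    reason: str


def agreed_price(readings: Sequence[float], bound: float = ORACLE_AGREEMENT_BOUND) -> Optional[float]:
    """Median-of-oracles with a deviation bound: None when any feed strays too far from the median."""
    m = median(readings)
    if any(abs(r - m) / m > bound for r in readings):
        return None
    return m


def evaluate(pool_twap: float, issuer_rate: float, external_feed: float,
             evidence: BeaconEvidence) -> Decision:
    """Decide whether the emergency-withdrawal path may open, and at what rate."""
    price = agreed_price([pool_twap, issuer_rate, external_feed])
    if price is None:
        # Circuit breaker: a manipulated pool TWAP will not match the issuer or external feed.
        return Decision("HALT", None, "price feeds disagree; emergency withdrawals paused")
    if abs(price - PAR) <= SLASHING_BAND:
        return Decision("NORMAL", None, "price within par band; no slashing signal")
    # The price signal says slashing: demand corroborating validator evidence.
    corroborated = (evidence.slashed_validators > 0
                    or evidence.penalty_gwei >= PENALTY_THRESHOLD_GWEI)
    if not corroborated:
        return Decision("HALT", None, "slashing signal without validator evidence; paused")
    # Genuine slashing: open the path, but redeem at the evidenced rate, never at par.
    return Decision("ALLOW_EMERGENCY", min(price, issuer_rate), "slashing corroborated on-chain")


if __name__ == "__main__":
    no_slashing = BeaconEvidence(slashed_validators=0, penalty_gwei=0, exited_validators=0)
    real_slashing = BeaconEvidence(slashed_validators=3, penalty_gwei=5_000_000_000, exited_validators=3)
    # Manipulated pool TWAP, honest issuer and external feeds: the breaker trips.
    print(evaluate(1.028, 1.0, 1.0, no_slashing))
    # Ordinary day: all feeds near par.
    print(evaluate(1.0, 1.0, 1.001, no_slashing))
    # Genuine slashing seen by every feed and on the Beacon Chain.
    print(evaluate(0.95, 0.951, 0.949, real_slashing))
    # Every feed says slashing, but the Beacon Chain shows none: still halt.
    print(evaluate(0.95, 0.95, 0.95, no_slashing))
```

Note the ordering: the deviation bound runs before the slashing band, so a single manipulated feed never reaches the band check at all, and the corroboration step means that even a coordinated move across all feeds cannot open the par-redemption path without on-chain penalties to back it.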
FAQ
1. How was the attack detected?
The exploit was first flagged by a community-run DeFi monitoring bot that detected anomalous withdrawal patterns in the stETH/ETH pool. On-chain forensics revealed a correlation between stETH rebases and emergency withdrawal triggers, leading to identification of the oracle manipulation vector.
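The detection described above, an off-chain monitor that flags bursts of emergency withdrawals and correlates them with rebase timestamps, can be reproduced with a few lines of stream processing. The following is an added example and not the community bot or any forensic tooling from the incident; the event log is constructed (amounts and minute-level timestamps are invented), and the 1,000 ETH per 15 minutes threshold and the 30-minute rebase proximity are hypothetical tuning values.

```python
"""Withdrawal-burst monitor with rebase correlation (added example, constructed data)."""
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

ALERT_ETH = 1_000.0                    # hypothetical: >= 1,000 ETH via the emergency path in 15 min
WINDOW = timedelta(minutes=15)
REBASE_PROXIMITY = timedelta(minutes=30)   # hypothetical: "near a rebase" means within 30 min after it

# Constructed event log: (ISO timestamp, kind, ETH amount). "rebase" marks the
# issuer's daily rebase; "emergency_withdraw" marks ETH leaving the pool via the
# emergency path. Amounts and timings are invented for illustration.
EVENTS = [
    ("2026-04-11T12:00:00", "rebase", 0),
    ("2026-04-11T12:20:00", "emergency_withdraw", 40),
    ("2026-04-11T15:00:00", "emergency_withdraw", 25),
    ("2026-04-12T12:00:00", "rebase", 0),
    ("2026-04-12T12:05:00", "emergency_withdraw", 1500),
    ("2026-04-12T12:09:00", "emergency_withdraw", 2200),
    ("2026-04-12T12:14:00", "emergency_withdraw", 1800),
    ("2026-04-12T18:00:00", "emergency_withdraw", 30),
]

Alert = Tuple[datetime, float, Optional[float]]   # (trip time, ETH in window, seconds since rebase or None)


def parse(events):
    return sorted((datetime.fromisoformat(ts), kind, float(amt)) for ts, kind, amt in events)


def detect(events) -> List[Alert]:
    """Emit one alert per burst: the first event whose trailing 15-minute emergency
    withdrawal total reaches ALERT_ETH. The third field is the distance to the last
    rebase when the burst began within REBASE_PROXIMITY of it, else None."""
    alerts: List[Alert] = []
    last_rebase: Optional[datetime] = None
    window: List[Tuple[datetime, float]] = []
    in_burst = False
    for ts, kind, amt in parse(events):
        if kind == "rebase":
            last_rebase = ts
            continue
        if kind != "emergency_withdraw":
            continue
        window.append((ts, amt))
        window = [(t, a) for t, a in window if ts - t <= WINDOW]   # drop samples older than 15 min
        total = sum(a for _, a in window)
        if total >= ALERT_ETH:
            if not in_burst:
                near = last_rebase is not None and ts - last_rebase <= REBASE_PROXIMITY
                since = (ts - last_rebase).total_seconds() if near else None
                alerts.append((ts, total, since))
                in_burst = True
        else:
            in_burst = False   # burst over; a new one will alert again
    return alerts


if __name__ == "__main__":
    for ts, total, since in detect(EVENTS):
        tag = f"{int(since) // 60} min after rebase" if since is not None else "no nearby rebase"
        print(f"ALERT {ts.isoformat()} {total:.0f} ETH out in 15 min ({tag})")
```

The rebase-proximity field is what turns a volume alert into the "correlation between stETH rebases and emergency withdrawal triggers" the forensics found: an ETH outflow of this size is worth a look on its own, but one that begins minutes after a rebase, every time, is the fingerprint of the oracle manipulation rather than of ordinary LP exits.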
2. Could this have been prevented with existing tools?
Partly. Alerting platforms such as Tenderly could have flagged the anomalous withdrawals if their alert conditions had been tied to a real-time slashing feed; dashboards such as DeFiLlama surface TVL changes after the fact rather than in real time. Either way, the absence of a unified monitoring standard across protocols delayed detection.
3. What lessons should DeFi developers draw from this incident?
Developers must adopt a composability-first security mindset. This means treating external protocols as untrusted dependencies, implementing runtime validation, and designing fallback mechanisms that account for cross-protocol state inconsistencies.