Steadefi: Compromised Deployer Key → Ownership Transfer

Steadefi lost $1.14M when its deployer address — which retained admin ownership of all vaults, never transferred to a multisig — was compromised, letting the attacker grant open borrowing permissions and drain both its Arbitrum and Avalanche lending vaults.

Occurred 2023-08-07 Loss $1M Status closed

Summary #

Steadefi suffered a Yield Aggregator / Leveraged Farming on 2023-08-07, resulting in a loss of approximately $1M.

What happened #

Linked factors #

RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — standard vault ownership pattern exploited; no recent upgrade] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — standard vault ownership pattern exploited; no recent upgrade]
RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
RD-F-027 — causal : ★ Single admin EOA — when value mentions key compromise [via realtime_signals/Governance/admin action: Y — Ownership transfer from deployer to attacker address is the key on-chain action; monitoring for unexpected ownership transfer events on ...]
RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — Ownership transfer from deployer to attacker address is the key on-chain action; monitoring for unexpected ownership transfer events on ...]
RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — leveraged yield farming model similar to Alpaca Finance, Beefy]
RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: N — standard vault ownership pattern exploited; no recent upgrade]