Lido Rotates Oracle Key After 1.46 ETH Breach
Lido, an Ethereum staking protocol, moved over the weekend to contain a security incident after one of its oracle keys, operated by validator operator Chorus One, was compromised. An unauthorized party gained access to the hot wallet that held the key used to sign oracle reports and transferred 1.46 ETH out of it. Lido assured users that, despite the breach, the protocol remains secure and fully operational.
The breach was discovered on May 10 when a contributor noticed a low-balance alert on the affected wallet. Investigation confirmed that the key had been accessed by an unauthorized party, prompting a coordinated response from Lido contributors and Chorus One to contain the situation. According to Chorus One, the compromised wallet was created in 2021 to sign oracle reports and was not held to the same security standards as the firm's other infrastructure.
Lido’s oracle system is designed for resilience: it uses a 5-of-9 quorum, so at least five of the nine oracle members must submit a matching report before it is accepted, and a single compromised key cannot push a report through on its own. All remaining oracle addresses and the oracle software infrastructure passed integrity checks with no sign of further compromise. In response, Lido launched an emergency DAO vote to rotate the affected oracle key across three contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. The vote, started immediately after the breach was confirmed, runs for 72 hours, followed by a 48-hour objection window. Until it executes, the compromised address remains on the member list, so the integrity of the other eight members is what keeps the quorum trustworthy in the interim. The replacement key has already been generated and is stored under updated security procedures.
Separately, on May 10 Lido's oracle reports were briefly delayed by node-level bugs affecting four other oracle operators. These issues were unrelated to the key compromise, were resolved quickly, and had no impact on user funds or staking operations. Chorus One, which runs validator services across multiple networks, said the compromised wallet had always held low balances and was never used to store client assets, so no customer funds were at risk. The firm added that the incident does not reflect its current practices: oracle keys are now secured in HashiCorp Vault under strict role-based access controls.
Lido has promised a full post-mortem once its investigation concludes. In the meantime, a review of oracle infrastructure and security practices is underway to prevent a recurrence. User funds were not affected, and the protocol has continued to operate normally throughout the incident.
