Hacking Attempt on Lido Results in 1.4 Ether Lost From Oracle Provider

Lido, Ethereum’s leading liquid staking protocol, narrowly averted a significant security breach. A compromised oracle key, part of a nine-key system managed by validator operator Chorus One, resulted in the theft of a minimal amount of funds—1.46 ETH ($4,200) in gas fees. Importantly, no user funds were affected, and a broader compromise was successfully prevented.

This incident highlights a crucial aspect of Lido’s security architecture: a blockchain-based oracle system employing a 5-of-9 quorum mechanism. This redundancy keeps the system operating even if up to four keys are compromised. The compromised key belonged to a hot wallet used for oracle reporting; it was created in 2021 and lacked the enhanced security measures implemented for newer keys.
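The 5-of-9 quorum described above can be modelled in a few lines. This is an added example, not Lido's contract code: it is a simplified Python model in which a report is final once five members submit the same hash, and the member names and report hashes are constructed placeholders.

```python
from collections import Counter

QUORUM = 5                                        # from the article: 5-of-9
MEMBERS = [f"oracle-{i}" for i in range(1, 10)]   # constructed placeholder names


def finalized_report(submissions, members=MEMBERS, quorum=QUORUM):
    """Return the report hash backed by at least `quorum` members, else None.

    submissions: iterable of (member, report_hash). Unknown signers are
    ignored and only a member's first submission counts (a simplification).
    """
    votes = {}
    for member, report_hash in submissions:
        if member in members and member not in votes:
            votes[member] = report_hash
    if not votes:
        return None
    report_hash, count = Counter(votes.values()).most_common(1)[0]
    return report_hash if count >= quorum else None


def max_tolerated_compromises(n, quorum):
    """Largest number of colluding keys that can neither finalize a report
    on their own (needs < quorum) nor stall the rest (needs n - f >= quorum)."""
    return min(quorum - 1, n - quorum)


def scenario(n_compromised, forged="0xforged", honest="0xhonest"):
    """First n_compromised members report `forged`; the rest report `honest`."""
    return [(m, forged if i < n_compromised else honest)
            for i, m in enumerate(MEMBERS)]


if __name__ == "__main__":
    for k in (1, 4, 5):
        print(k, "compromised ->", finalized_report(scenario(k)))
    print("tolerated at 5-of-9:", max_tolerated_compromises(9, 5))
    print("tolerated at 7-of-9:", max_tolerated_compromises(9, 7))
```

The second function shows why the threshold matters in both directions: a stricter 7-of-9 quorum would make forging harder but would let three unavailable or compromised keys stall reporting.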

The breach was detected early Sunday following a low-balance alert. A subsequent investigation revealed unauthorized access to the compromised key. In response, Lido initiated an emergency DAO vote to replace the compromised key across three contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. A new key, generated with improved security protocols, has been deployed.

The incident coincided with unrelated node issues faced by other oracle operators, including a minor Prysm bug stemming from Ethereum’s recent Pectra upgrade. This caused temporary delays in oracle reporting on May 10th. The compromised address (0x140B) has been replaced by a new, secure address (0x285f). The on-chain vote approving this change has concluded its 48-hour objection period.

This event underscores the importance of robust security practices, especially for protocols managing significant assets within the cryptocurrency ecosystem. Lido’s swift response and the inherent redundancy built into its system mitigated the potential impact of this security incident, demonstrating a proactive approach to risk management. The incident serves as a reminder of the ongoing need for vigilance and continuous improvement in security measures within the decentralized finance (DeFi) space.
