Lido, Ethereum’s largest liquid staking protocol, avoided major security incidents after one of its nine Oracle keys was breached with what appears to be a serious violation, including a low impact, yet serious violation.
Lido has secured over 25% of all Eths bets on Ethereum, making it one of the most systematically important protocols in the Ethereum ecosystem.
The compromised key was tied to a hot wallet used for Oracle Reporting, leading to the theft of just 1.46 ETH ($4,200) on gas charges. With each X post from both Lido and Chorus One, the user fund was not affected and no broader compromises were detected
Lido’s Oracle System is a blockchain-based tool that uses a nine-fifth quorum mechanism to provide Ethereum consensus data to Lido’s smart contracts. This means that the system can function safely even if one or two keys are compromised.
Contributors first detected suspicious activity early on Sunday after a poorly balanced alert looked closely at the address. This reveals unauthorized access to Oracle’s private keys used by Chorus One, originally created in 2021, and is not pinned to the same criteria as the new key, the company said in X Post.
In response, Lido has launched an emergency DAO vote to rotate the compromised Oracle key in three contracts: Accounting Oracle, Validators are Oracle on the bus, CS Fee Oracle. New keys are generated using better security controls and avoid repeated repetition.
Hacks occurred, as several other Oracle operators have experienced issues with unrelated nodes, such as the minor Pridom bug introduced by Ethereum’s recent Pectra upgrade, and temporarily postponed the Oracle Report on May 10th.
The infringed address (0x140b) has been replaced by a new secure address (0x285F), and on-chain voting has already been approved, and has been challenged for 48 hours as of Monday’s Asian morning.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
