Lido Avoids Major Breach After Oracle Key Compromise

Lido, the largest liquid staking platform on Ethereum, has narrowly avoided a major security incident after one of its oracle keys was compromised. The breach involved validator operator Chorus One and resulted in a minor theft of 1.46 ETH (around $4,200) in gas fees. Importantly, no user funds were affected.

Lido secures over 25% of all ether (ETH) staked on the Ethereum network, making it a critical part of the blockchain ecosystem. The protocol relies on a group of nine oracle keys to report Ethereum consensus data to its smart contracts. These keys operate under a 5-of-9 quorum, so up to four compromised keys cannot, on their own, push a false report through to the contracts.
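The 5-of-9 quorum is the design property that kept a single stolen key from mattering. The following is an added illustration, not Lido's own contract code: a generic k-of-n quorum check in Python with constructed member names (`oracle-1` to `oracle-9`) and made-up report hashes (`"H"` for the honest value, `"X"` for a forged one). It shows that one, or even four, compromised keys cannot force a forged report, that a key cannot vote twice by resubmitting, and the caveat a practitioner would want to note: with four bad keys reporting a wrong value, a single honest member going offline is enough to stall the round (no quorum) even though it never produces a wrong answer.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed example: nine oracle members and a 5-of-9 quorum, mirroring the
# numbers in the article. Member ids and report hashes are made up; this is a
# generic k-of-n quorum check, not Lido's contract logic.
MEMBERS = [f"oracle-{i}" for i in range(1, 10)]
QUORUM = 5


@dataclass(frozen=True)
class Report:
    member: str       # oracle key that submitted the report
    report_hash: str  # hash of the consensus data being reported


def reach_consensus(reports, members=MEMBERS, quorum=QUORUM):
    """Return the report hash backed by at least `quorum` distinct members, or None.

    Submissions from unknown keys are ignored, and only a member's first
    submission in the round counts, so a single compromised key cannot
    inflate its weight by resubmitting.
    """
    seen = set()
    votes = Counter()
    for r in reports:
        if r.member not in members or r.member in seen:
            continue
        seen.add(r.member)
        votes[r.report_hash] += 1
    if not votes:
        return None
    winner, count = votes.most_common(1)[0]
    return winner if count >= quorum else None


def simulate(compromised, offline_honest=0):
    """Honest members report "H"; compromised keys report a forged hash "X".

    `offline_honest` removes that many honest members from the round, to show
    the liveness side of the trade-off.
    """
    honest = [m for m in MEMBERS if m not in compromised][offline_honest:]
    reports = [Report(m, "H") for m in honest] + [Report(m, "X") for m in compromised]
    return reach_consensus(reports)


if __name__ == "__main__":
    print("1 compromised key:", simulate(MEMBERS[:1]))              # H
    print("4 compromised keys:", simulate(MEMBERS[:4]))             # H
    print("5 compromised keys:", simulate(MEMBERS[:5]))             # X (quorum overtaken)
    print("4 compromised + 1 honest offline:", simulate(MEMBERS[:4], offline_honest=1))  # None
    print("one key replaying 5 times:", reach_consensus([Report("oracle-1", "X")] * 5))  # None
```

The safety bound and the liveness bound are two sides of the same threshold: the system tolerates four bad keys without accepting a forged report, but it also needs five honest keys online to make progress, which is why a compromised key is rotated out promptly rather than merely ignored.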

The issue was first detected early Sunday when a low-balance alert triggered an investigation. It revealed unauthorized access to a hot wallet oracle key used by Chorus One. The key was created in 2021 and did not meet current security standards, according to a post by Chorus One on X (formerly Twitter).

In response, Lido launched an emergency DAO (decentralized autonomous organization) vote to replace the compromised key across three smart contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. A new key has been created with improved security measures to prevent future breaches.

The compromised address (0x140B) is being replaced with a new secure address (0x285f). The on-chain vote to approve the change has already passed and entered a 48-hour objection period as of Monday morning in Asia.

The incident happened at a time when some oracle operators were dealing with unrelated technical issues, including a minor Prysm bug caused by Ethereum’s recent Pectra upgrade, which briefly delayed oracle reporting on May 10.

Despite the breach, Lido’s swift response and secure design ensured that the incident remained low-impact. The protocol continues to function normally.
