Lido, Ethereum’s leading liquid staking protocol, narrowly avoided a major security incident after one of its nine oracle keys was compromised. The breach involved validator operator Chorus One and resulted in the theft of only 1.46 ETH (around $4,200) in gas fees, with no user funds impacted.
Lido currently secures over 25% of all staked ETH, positioning it as one of the most critical DeFi protocols in the Ethereum ecosystem. Its oracle system relies on a 5-of-9 quorum model to report Ethereum consensus data to smart contracts. This structure ensures security even if up to four keys are compromised.
The compromised key was linked to a hot wallet created in 2021 and lacked the advanced security features used for newer keys. Suspicious activity was first detected early Sunday when a low-balance alert prompted further investigation. Both Lido and Chorus One confirmed via X (formerly Twitter) that no broader compromise occurred.
In response, Lido initiated an emergency DAO vote to rotate the affected oracle key across three smart contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. The new key, generated with enhanced security controls, has replaced the compromised address (0x140B) with a secure one (0x285f). The on-chain vote is now in a 48-hour objection period.
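
A small model of the 5-of-9 quorum and the key rotation described above, added here as an illustration; it is not Lido's contract code. The class and function names, the `member-N` labels and the FORGED/HONEST report values are constructed, and the two addresses are the truncated ones quoted in the article.

```python
from collections import defaultdict


class OracleCommittee:
    """Toy m-of-n report quorum (illustrative model, not Lido's contracts)."""

    def __init__(self, members, quorum):
        self.members = set(members)
        self.quorum = quorum
        self.votes = {}  # frame -> {member: report_hash}

    def submit(self, member, frame, report_hash):
        """Record one vote per member per frame; return the finalized hash or None."""
        if member not in self.members:
            raise PermissionError(f"{member} is not a committee member")
        self.votes.setdefault(frame, {})[member] = report_hash  # re-vote overwrites
        return self.consensus(frame)

    def consensus(self, frame):
        tally = defaultdict(int)
        for member, report_hash in self.votes.get(frame, {}).items():
            if member in self.members:  # votes from rotated-out keys stop counting
                tally[report_hash] += 1
        # With quorum 5 of 9, two different hashes can never both reach quorum.
        winners = [h for h, n in tally.items() if n >= self.quorum]
        return winners[0] if winners else None

    def rotate(self, old, new):
        """Swap a compromised key for a fresh one; size and quorum stay the same."""
        if old not in self.members or new in self.members:
            raise ValueError("invalid rotation")
        self.members.remove(old)
        self.members.add(new)


def simulate(compromised_count):
    """Attacker-held keys report FORGED, the rest HONEST; return what finalizes."""
    keys = ["0x140B"] + [f"member-{i}" for i in range(1, 9)]  # constructed labels
    committee = OracleCommittee(keys, quorum=5)
    result = None
    for key in keys[:compromised_count]:
        result = result or committee.submit(key, 1, "FORGED")
    for key in keys[compromised_count:]:
        result = result or committee.submit(key, 1, "HONEST")
    return result
```

With one or four attacker-held keys the honest report still finalizes; only a fifth compromised key lets a forged report reach quorum, which is why rotating a single exposed key promptly matters.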
Coincidentally, the breach occurred amid unrelated technical issues affecting other oracle operators, including a minor Prysm client bug caused by Ethereum’s recent Pectra upgrade, which temporarily delayed oracle reports on May 10.
The swift and transparent handling of the incident highlights Lido’s robust governance and security framework, reinforcing trust in the protocol’s resilience and importance within Ethereum’s staking infrastructure.