Security Alarm for Ethereum Altcoin: How Much ETH Was Lost in the Leak? - Coin Bulletin

Question

div[id^="wrapper-sevio-ce3d7766-392e-4b02-a3c2-0c36f7cc4b81"] { display: inline-block; padding-top: 10px; padding-bottom: 10px; }

@media only screen and (min-width: 0px) and (min-height: 0px) { div[id^="wrapper-sevio-ce3d7766-392e-4b02-a3c2-0c36f7cc4b81"] { width: 320px; height: 100px; } }

@media only screen and (min-width: 728px) and (min-height: 0px) { div[id^="wrapper-sevio-ce3d7766-392e-4b02-a3c2-0c36f7cc4b81"] { width: 728px; height: 90px; } }

Lido Finance, the largest liquid staking protocol on Ethereum, managed to protect user funds with minimal loss as a result of the compromise of an oracle key.

Lido Finance, which has an important place in the cryptocurrency ecosystem**, prevented a possible disaster by acting quickly on the security alert over the weekend. A private key belonging to validator operator Chorus One was compromised, resulting in the loss of approximately $4,200, worth just 1.46 ETH, while user funds remained safe and the protocol continued to function.

After receiving a low balance warning early on Sunday, the Lido team noticed suspicious activities and determined that the issue stemmed from an oracle private key created in 2021, which was not as secure as the new keys. Since Lido's oracle system requires the approval of at least 5 out of 9 different keys, the compromise of a single key did not pose a significant threat.

div[id^="wrapper-sevio-b3ce5b60-2c13-4244-9d7d-ac51d3cdb72e"] { display: inline-block; padding-top: 10px; padding-bottom: 10px; }

@media only screen and (min-width: 0px) and (min-height: 0px) { div[id^="wrapper-sevio-b3ce5b60-2c13-4244-9d7d-ac51d3cdb72e"] { width: 320px; height: 100px; } }

@media only screen and (min-width: 728px) and (min-height: 0px) { div[id^="wrapper-sevio-b3ce5b60-2c13-4244-9d7d-ac51d3cdb72e"] { width: 728px; height: 90px; } }

Emergency DAO voting has been initiated

Following the security breach, Lido DAO initiated an emergency vote to change the compromised oracle key. This vote will reassign the seized key across three different contracts: Accounting Oracle, Validators Exit Data Path Oracle, and CS Fee Oracle. The newly created key has been generated with enhanced security controls to prevent similar incidents from occurring.

In a statement from the Lido team, it was stated that "The protocol is completely secure and functional," while Chorus One noted that the incident was an "isolated case" and that there were no other threats to the protocol. It was also emphasized that the activities of the attacker indicated that they were carried out by an automated system rather than a targeted attack.

The incident coincided with the node issues experienced by some oracle operators following the recent Pectra update carried out by Ethereum. Currently, the compromised address 0x140B has been replaced with the more secure address 0x285f, while the voting on the chain has been approved, and as of Monday in Asia time, it has entered a 48-hour objection period.