Reported by The Block, one of the key node operators for Lido Finance, InfStones, will temporarily withdraw its Ethereum validators from the liquid staking protocol and implement key rotations in response to a significant vulnerability revealed by dWallet Labs' security researchers.
The vulnerability, linked to the open-source library Tailon, was reported to InfStones in July 2023 and has since been resolved. Nonetheless, this event has led to the adoption of preventative security measures.
Lido Finance confirmed the vulnerability was related to potential root-level access that impacted 25 of InfStones’ validator servers. Lido clarified, however, that there’s no evidence of any key leakage or exploitation as a result of this issue.
"To clarify: There is currently no indication of key leakage or compromise, and the vulnerability may not affect validators related the Lido protocol," it said.
In its security report, dWallet Labs alleged the vulnerability could have potentially triggered a security breach impacting the ETH staked through InfStones’ nodes on Lido. Consequently, the firm recommended the rotation of validator keys for all nodes that were possibly exposed to the vulnerability.
InfStones said the issue flagged by dWallet only affected a small part of its infrastructure, with less than 0.1% of its systems via a specific network port on its network that had the issue. As such it implied the affected validator nodes was a small number.
Ethereum
Staking
