Reported by The Block: A protocol reporting oracle for Ethereum staking protocol Lido was compromised on Saturday, sparking a Lido DAO vote to rotate the address.
Only about 1.5 ETH was lost in the attack, which oracle operator Chorus One called an “isolated incident.”
“The protocol remains secure and fully operational,” Lido said.
Ethereum staking protocol Lido remains "fully secure and operational" after an attacker compromised one of its protocol reporting oracles, draining nearly 1.5 ETH and sparking an emergency DAO vote to rotate the oracle's address.
Chorus One, which operates the oracle, said the attack appears to be an "isolated incident" without further threats to the protocol. "We have thoroughly audited our entire infrastructure and found no evidence of any broader compromise," Chorus One wrote on X.
The attacker drained 1.46 ETH worth about $3,800 from the compromised address, blockchain data shows. "Investigation on all fronts is still ongoing; we will share a full postmortem after we conclude the investigation," Chorus One added on Lido's governance forum. "Activity of the exploiter points towards an automated system, rather than a targeted attack."
Though the attacker was able to drain the oracle address's ETH balance (which was purposely held at a low level, Chorus One said), the attack didn't threaten Lido's operations, as its protocol reporting oracles require a 5-of-9 consensus.
"In the worst case, [compromised oracles] may mean something like stETH rebases (whether positive or negative) take longer to materialize, which will affect stETH holders but mostly in a negligible manner apart from those who may be using stETH in a leveraged manner in DeFi," wrote Lido head of validators Izzy on X.
The Lido DAO vote to rotate the compromised address currently has unanimous support, though it has not yet reached quorum.
"Oracles are complex and vary in their usage across DeFi," Izzy wrote. "In Lido, they're a carefully considered part of the protocol, and possible negative impact is meaningfully mitigated through effective decentralization, segregation of duties, and multiple layers of checks."
Lido
