Lido's Ethereum Staking Protocol Thwarts Major Hack Attempt, Loses Only 1.4 ETH

Lido Finance, Ethereum's largest liquid staking protocol, narrowly avoided a major security incident after one of its nine oracle keys was compromised. The breach, linked to validator operator Chorus One, resulted in minimal losses—just 1.46 ETH (~$4,200) stolen as gas fees. No user funds were affected, and no wider exploits were detected, according to joint statements from Lido and Chorus One.

Key Details of the Incident

• Compromised System: A leaked oracle key tied to a hot wallet used for reporting.
• Attack Impact: 1.46 ETH siphoned as gas fees; zero user fund losses.
• Detection: Low-balance alerts triggered investigations, revealing unauthorized access to a 2021-era Chorus One private key with outdated security standards.

👉 Learn how Lido secures 25%+ of staked ETH

How Lido's Oracle Safeguards Work

Lido’s oracle system employs a 5-of-9 quorum mechanism to deliver Ethereum consensus data to its smart contracts. This design ensures resilience even if multiple keys are compromised:

1. Multi-Signature Security: Requires consensus from 5+ oracle operators.
2. Fail-Safe Protocols: Isolates breaches without disrupting operations.

Immediate Response and Mitigation

Lido’s team acted swiftly to contain the threat:

• Emergency DAO Vote: Approved rotating the compromised key across three critical contracts:

  1. Accounting Oracle
  2. Validator Exit Bus Oracle
  3. CS Fee Oracle
• Enhanced Key Generation: New keys implemented stricter security controls.

Context: Unrelated Node Issues During Attack

Coinciding with the hack, several oracle operators faced unrelated technical challenges:

• Pectra Upgrade Bug: A minor Prysm error delayed oracle reports on May 10.
• Node Synchronization: Temporary disruptions resolved without affecting security.

👉 Explore Ethereum's staking security landscape

Post-Attack Updates

• Address Replacement: Compromised address (0x140B) is being replaced by a secure new one (0x285f).
• Governance Timeline: Chain vote passed, with a 48-hour objection period active as of Monday morning (Asia time).

FAQs

Q: Was user ETH staked via Lido at risk during the hack?

A: No. The breach only affected gas fees from a hot wallet; staked ETH remained fully secure.

Q: How does Lido’s oracle system prevent single points of failure?

A: The 5-of-9 quorum ensures attacks require compromising multiple keys simultaneously—making large-scale exploits highly unlikely.

Q: What changes is Lido making to prevent future incidents?

A: Beyond key rotation, the team now enforces uniform security standards for all keys, including legacy ones.

Q: Could this delay Ethereum’s Pectra upgrades?

A: Unlikely. The Prysm bug was minor and resolved quickly, with no impact on upgrade timelines.