Earlier today, one of Lido’s oracle signing keys, operated by Chorus One, was compromised. What does this mean?
()
Most importantly: The oracle isn't a multi-sig. It doesn’t custody funds and cannot drain the protocol. No user deposits were ever at risk.
So, what exactly is this oracle for? Lido uses a 5-of-9 oracle to report Ethereum consensus layer state to Ethereum execution layer smart contracts. Basically, it informs the Lido contracts how much validators earned for users that day, whether any slashings occurred, etc.
What's the worst-case scenario? If the entire oracle were compromised, it could misreport the consensus layer state, causing stETH to slightly rebase in either direction. However, the impact is significantly limited, as the Lido protocol strictly bounds what oracle updates it accepts.
You might have heard the attacker stole 1.4 ETH. True—but this was gas money sitting in the compromised account, unrelated to the protocol. Due to how the oracle aggregates reports from multiple signers, compromising even four keys wouldn't affect the final outcome. Even with five or more, the potential damage is tightly bounded.
The fact that CL state isn't directly available on the EL is a known Ethereum limitation all staking pools face. Actually, this is a perfect example of how Lido approaches security—actively hardening all external dependencies. Not only does Lido have tight sanity checks on allowed updates, but next year the entire mechanism will transition to a ZK proof. (
For more details on today's incident, technical insights into Lido’s oracle design, and what makes our security culture stand out, check out Izzy’s thread as well:
⚠️ Emergency Lido DAO vote announcement: rotate single Lido Oracle related to compromised Chorus One oracle private key.
Stakers are not affected. The protocol remains secure and fully operational. The oracle system is robust by design, with a 5/9 quorum, and all other participants remain safe.
✔️ Oracle ops functioning, no sign of issue in oracle software or reports
✔️ Other eight oracles checked and no signs of compromise
✔️ No signs of broader Chorus One compromise
The vote will be started shortly.
106.4K
146
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.