Lido Oracle Update🚨
On May 9th, a wallet managed by Chorus One and used to vote in the Lido Oracle was compromised. The attacker drained 1.4 ETH from the wallet. The wallet has since been removed from other oracle allowlists and rotated to a new address. An emergency DAO vote is in process.
Our team has been working around the clock alongside Lido to investigate the root cause. Preliminary findings suggest that the wallet’s private key, generated in 2021, was improperly stored in a LastPass account by a team member. This violated our internal security policies at the time.
We fully decommissioned LastPass usage and overhauled our key management infrastructure during our ISO 27001 certification process, completed in 2024. This wallet was not used to store assets, which likely contributed to the original mishandling.
At the time of writing, it is our view that no customer funds or validator infrastructure were affected, and this incident remains isolated.
We will share a full post-mortem as soon as the ongoing investigation concludes.
⚠️ Emergency Lido DAO vote announcement: rotate single Lido Oracle related to compromised Chorus One oracle private key.
Stakers are not affected. The protocol remains secure and fully operational. The oracle system is robust by design, with a 5/9 quorum, and all other participants remain safe.
✔️ Oracle ops functioning, no sign of issue in oracle software or reports
✔️ Other eight oracles checked and no signs of compromise
✔️ No signs of broader Chorus One compromise
The vote will be started shortly.
193.87 k
0
El contenido al que estás accediendo se ofrece por terceros. A menos que se indique lo contrario, OKX no es autor de la información y no reclama ningún derecho de autor sobre los materiales. El contenido solo se proporciona con fines informativos y no representa las opiniones de OKX. No pretende ser un respaldo de ningún tipo y no debe ser considerado como un consejo de inversión o una solicitud para comprar o vender activos digitales. En la medida en que la IA generativa se utiliza para proporcionar resúmenes u otra información, dicho contenido generado por IA puede ser inexacto o incoherente. Lee el artículo enlazado para más detalles e información. OKX no es responsable del contenido alojado en sitios de terceros. Los holdings de activos digitales, incluidos stablecoins y NFT, suponen un alto nivel de riesgo y pueden fluctuar mucho. Debes considerar cuidadosamente si el trading o holding de activos digitales es adecuado para ti según tu situación financiera.