Lido Oracle Update🚨
On May 9th, a wallet managed by Chorus One and used to vote in the Lido Oracle was compromised. The attacker drained 1.4 ETH from the wallet. The wallet has since been removed from other oracle allowlists and rotated to a new address. An emergency DAO vote is in process.
Our team has been working around the clock alongside Lido to investigate the root cause. Preliminary findings suggest that the wallet’s private key, generated in 2021, was improperly stored in a LastPass account by a team member. This violated our internal security policies at the time.
We fully decommissioned LastPass usage and overhauled our key management infrastructure during our ISO 27001 certification process, completed in 2024. This wallet was not used to store assets, which likely contributed to the original mishandling.
At the time of writing, it is our view that no customer funds or validator infrastructure were affected, and this incident remains isolated.
We will share a full post-mortem as soon as the ongoing investigation concludes.
⚠️ Emergency Lido DAO vote announcement: rotate single Lido Oracle related to compromised Chorus One oracle private key.
Stakers are not affected. The protocol remains secure and fully operational. The oracle system is robust by design, with a 5/9 quorum, and all other participants remain safe.
✔️ Oracle ops functioning, no sign of issue in oracle software or reports
✔️ Other eight oracles checked and no signs of compromise
✔️ No signs of broader Chorus One compromise
The vote will be started shortly.
19.39萬
0
本頁面內容由第三方提供。除非另有說明,OKX 不是所引用文章的作者,也不對此類材料主張任何版權。該內容僅供參考,並不代表 OKX 觀點,不作為任何形式的認可,也不應被視為投資建議或購買或出售數字資產的招攬。在使用生成式人工智能提供摘要或其他信息的情況下,此類人工智能生成的內容可能不準確或不一致。請閱讀鏈接文章,瞭解更多詳情和信息。OKX 不對第三方網站上的內容負責。包含穩定幣、NFTs 等在內的數字資產涉及較高程度的風險,其價值可能會產生較大波動。請根據自身財務狀況,仔細考慮交易或持有數字資產是否適合您。