Bitcoin Briefly Tops $105K As Markets Rally on China-US Trade Deal
Hacking Attempt on Lido Results in 1.4 Ether Lost From Oracle Provider
- News In 4 Seconds
Shaurya Malwa
- 0
- 17 minutes read
BTC
$103,964.33
+
0.10%
ETH
$2,499.72
–
0.97%
USDT
$0.9999
–
0.01%
XRP
$2.3988
+
0.46%
BNB
$655.93
–
0.66%
SOL
$174.79
+
0.02%
USDC
$0.9998
–
0.01%
DOGE
$0.2391
+
1.93%
ADA
$0.8153
+
1.52%
TRX
$0.2635
+
0.00%
SUI
$4.1698
+
4.81%
LINK
$17.04
+
2.15%
AVAX
$25.14
+
0.88%
PI
$1.3681
+
44.32%
SHIB
$0.0₄1634
+
1.24%
XLM
$0.3094
+
0.08%
HBAR
$0.2089
–
0.32%
TON
$3.4339
+
0.84%
HYPE
$24.77
+
1.47%
BCH
$408.02
–
1.33%
Share this article
By Shaurya Malwa|Edited by Parikshit Mishra
May 12, 2025, 5:53 a.m.
- Lido, Ethereum’s largest liquid staking protocol, avoided a security incident after a key used by validator operator Chorus One was compromised.
- The breach led to the theft of 1.46 ETH in gas fees, but no user funds were affected, and no broader compromise was detected.
- Lido has initiated an emergency DAO vote to rotate the compromised oracle key, enhancing security to prevent future incidents.
Lido, Ethereum’s largest liquid staking protocol, avoided a major security incident after one of its nine oracle keys was compromised in what appears to be a low-impact but serious breach involving validator operator Chorus One.
Lido secures over 25% of all ETH staked on Ethereum, making it one of the most systemically important protocols in the Ethereum ecosystem.
STORY CONTINUES BELOW
Don’t miss another story.Subscribe to the The Protocol Newsletter today.See all newslettersBy signing up, you will receive emails about CoinDesk products and you agree to ourterms of useandprivacy policy.
The compromised key was tied to a hot wallet used for oracle reporting, leading to the theft of just 1.46 ETH ($4,200) in gas fees. No user funds were affected, and no broader compromise was detected, per X posts from both Lido and Chorus One
Lido’s oracle system is a blockchain-based tool that supplies Ethereum consensus data to Lido’s smart contracts using a 5-of-9 quorum mechanism. This means that even if one or two keys are compromised, the system can function securely.
Contributors first detected the suspicious activity early Sunday after a low-balance alert triggered a closer look at the address. It revealed unauthorized access to an oracle private key used by Chorus One that was originally created in 2021 and not secured to the same standards as newer keys, the firm said in an X post.
In response, Lido has launched an emergency DAO vote to rotate the compromised oracle key across three contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. The new key has been generated using better security controls to avoid any repeat.
The hack occurred just as several other oracle operators were experiencing unrelated node issues, including a minor Prysm bug introduced by Ethereum’s recent Pectra upgrade, briefly delaying oracle reports on May 10.
The compromised address (0x140B) is being replaced by a new secure address (0x285f), with the on-chain vote already approved and in its 48-hour objection period as of Asian morning hours Monday.
Shaurya is the Co-Leader of the CoinDesk tokens and data team in Asia with a focus on crypto derivatives, DeFi, market microstructure, and protocol analysis.
Shaurya holds over $1,000 in BTC, ETH, SOL, AVAX, SUSHI, CRV, NEAR, YFI, YFII, SHIB, DOGE, USDT, USDC, BNB, MANA, MLN, LINK, XMR, ALGO, VET, CAKE, AAVE, COMP, ROOK, TRX, SNX, RUNE, FTM, ZIL, KSM, ENJ, CKB, JOE, GHST, PERP, BTRFLY, OHM, BANANA, ROME, BURGER, SPIRIT, and ORCA.
He provides over $1,000 to liquidity pools on Compound, Curve, SushiSwap, PancakeSwap, BurgerSwap, Orca, AnySwap, SpiritSwap, Rook Protocol, Yearn Finance, Synthetix, Harvest, Redacted Cartel, OlympusDAO, Rome, Trader Joe, and SUN.
