- Lido triggered an emergency vote to remove a compromised oracle operated by Chorus One after attackers drained its ETH due to a leaked hot-wallet key—an operational error, not a protocol flaw.
- Only the Chorus One feed was affected; Lido’s validator sets, user funds, and other oracles remain secure.
- The compromised oracle will be rotated out, and Chorus One is setting up a new server with fresh keys.
The governance arm behind Lido’s liquid‑staking protocol has triggered an emergency on‑chain vote to eject a single oracle operated by Chorus One after attackers drained the node’s Ether balance.
The move came within hours of Lido contributors confirming that the oracle’s hot‑wallet key had leaked—an operational failure rather than a flaw in Lido’s smart‑contract code or oracle software.
Only the Chorus One feed was hit. Validator sets, user deposits, and the protocol’s other oracles remain intact, at least according to Lido.
Even so, the address’s funds are gone, and the compromised key cannot be trusted. Chorus One is spinning up a replacement server under a fresh key pair, while Lido’s vote will rotate the oracle slot to restore the protocol’s redundancy.
Related: 11 Mainnet Improvements Made in Ethereum’s Biggest Upgrade Since the Merge
What Happened?
Chorus One blamed the incident on an exposed hot wallet, adding that a forensic review is under way to confirm exactly when and how the credentials leaked. Until new infrastructure is live, the firm has frozen the affected signer and revoked its permissions.
The episode is a classic reminder that DeFi attacks extend far beyond on‑chain code. Oracles bridge external data into smart contract systems; if a single operator mishandles keys, millions in collateral can slip away in minutes—regardless of how robust the underlying protocol is.
Not just projects, but infrastructure and cold wallets, and pretty much everything connected to the internet can be in danger. Even Ledger, one of the most sound safety devices, has had to warn its customers about a new phishing scheme to defraud users.
Security firm Hacken estimates more than US$2B (AU$3.12B) in crypto was stolen through hacks, scams, and code exploits in the first quarter of 2025. Roughly US$1.5B (AU$2.18B) of that came from the Bybit breach in February, but April alone still saw over US$357M (AU$557M) vanish across smaller incidents.
Related: Adidas Teams Up with Xociety for Limited-Edition Sui NFT Mystery Boxes
Credit: Source link
