Ethereum’s leading liquid staking protocol, Lido, narrowly averted a significant security threat after one of its nine oracle keys was compromised. The breach, traced back to validator operator Chorus One, resulted in a minor loss of 1.46 ETH (approximately $4,200) in gas fees. Importantly, no user funds or critical protocol operations were affected.
Lido currently secures over 25% of all staked ether (ETH), making its infrastructure vital to the Ethereum ecosystem. The affected key was tied to a hot wallet used for oracle data reporting. According to Lido and Chorus One, the compromised private key was created in 2021 and lacked the enhanced security standards of newer keys.
Lido’s oracle system uses a 5-of-9 multisig quorum model: a report is only accepted when at least five of the nine oracle members submit the same result, so the system keeps functioning even if up to four keys are compromised. This design contained the incident’s impact. The suspicious activity was first identified early Sunday when a low-balance alert prompted further investigation, which uncovered unauthorized access.
As an immediate response, Lido initiated an emergency DAO vote to rotate the affected oracle key across three critical contracts: the Accounting Oracle, Validators Exit Bus Oracle, and CS Fee Oracle. A new, more secure key (0x285f) replaces the compromised one (0x140B). The vote has passed and is now in a 48-hour objection window as of Monday morning in Asia.
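To make the quorum argument and the key rotation concrete, here is an added, simplified model of a k-of-n hash-consensus oracle (illustrative code, not Lido’s contracts); member names, slot numbers and report hashes are constructed, and it goes beyond the single-key incident to show the four-key bound and where a fifth colluding key would break it.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class QuorumOracle:
    """Simplified k-of-n hash consensus: a slot's hash counts only with `quorum` distinct members."""
    members: set
    quorum: int
    reports: dict = field(default_factory=dict)  # slot -> {member: report_hash}

    def submit(self, member, slot, report_hash):
        if member not in self.members:
            raise PermissionError(f"{member} is not a current oracle member")
        self.reports.setdefault(slot, {})[member] = report_hash

    def consensus(self, slot):
        votes = Counter(self.reports.get(slot, {}).values())
        if not votes:
            return None  # nothing reported yet
        best_hash, count = votes.most_common(1)[0]
        return best_hash if count >= self.quorum else None

    def rotate_member(self, old, new):
        # Replace a compromised key; any pending votes from it stop counting.
        self.members.remove(old)
        self.members.add(new)
        for slot_votes in self.reports.values():
            slot_votes.pop(old, None)

def simulate_compromise(attackers=1):
    """`attackers` colluding keys out of 9 push a bogus hash; the rest report the true one."""
    bad = [f"bad-{i}" for i in range(attackers)]          # constructed member ids
    good = [f"good-{i}" for i in range(9 - attackers)]
    oracle = QuorumOracle(members=set(bad + good), quorum=5)
    for m in bad:
        oracle.submit(m, 100, "0xBOGUS")
    only_attackers = oracle.consensus(100)   # None unless attackers >= quorum
    for m in good:
        oracle.submit(m, 100, "0xTRUE")
    with_honest = oracle.consensus(100)      # honest majority wins while attackers <= 4
    # Rotate the first compromised key out, as the DAO vote does; it can no longer report.
    oracle.rotate_member(bad[0], "new-key")
    try:
        oracle.submit(bad[0], 101, "0xBOGUS")
        old_key_rejected = False
    except PermissionError:
        old_key_rejected = True
    return {"only_attackers": only_attackers, "with_honest": with_honest,
            "old_key_rejected": old_key_rejected}
```

With a single compromised key the bogus hash never reaches quorum and the rotated key is rejected; at five colluding keys the model accepts the bogus hash, which is exactly the bound the 5-of-9 design relies on.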
Notably, the breach occurred amid unrelated technical issues faced by other oracle operators, including a Prysm bug linked to Ethereum’s recent Pectra upgrade, which briefly delayed reporting on May 10.
While the financial impact was minimal, the incident underscores the importance of rigorous key management and proactive protocol governance in safeguarding Ethereum’s staking infrastructure.