Lido Launches DAO Vote After Oracle Key Compromise

Key Takeaways:One Chorus One Lido oracle key compromised; DAO vote launched for emergency rotation.eProtocol security remains intact; all other oracles verified uncompromised.Oracle operations resumed after minor delays; root cause investigation underway.An emergency DAO vote has been announced by Lido contributors following the detection of a compromised oracle key operated by Chorus One. The affected key, responsible for critical data reporting functions, was flagged after an alert showed a sudden depletion in its ETH balance.Investigation is ongoing.Incident details, root cause updates, vote details — all in the forum post: https://t.co/vn4gq8W82gOnce the investigation is complete, we’ll share the full results here and on the research forum.— Lido (@LidoFinance) May 11, 2025Subsequent investigation traced the issue to a probable private key leak, possibly from a previously used hot wallet. The incident does not indicate a broader breach of Chorus One’s infrastructure or oracle system integrity.This prompted immediate action, including isolation of the compromised key and preparation for replacement on three Oracle contracts: AccountingOracle, ValidatorsExitBusOracle, and CSFeeOracle.The affected address (0x140B.) will be substituted with a fresh, secure key (0x285f.). Inasmuch as the incident is severe, there is no loss of staker funds or integrity of staking protocol for Lido. The 5-of-9 quorum model for the system has inherent redundancy and robustness, inherently avoiding single points of failure.Lido Demonstrates Strong Layered Security ResponseLabs emphasizes Lido’s multi-layered incident response and security strategy throughout its reply. The rapid collaboration of the team with Chorus One and a full audit of all other oracles prevented wider disruption within the system.All eight remaining oracle operators were verified as being secure, with no irregularities within the reporting infrastructure or software layers.On May 10th, Lido’s Oracle system experienced minor reporting delays due to unrelated issues affecting four other Oracle participants.Two of those were linked to a post-Spectra Prism bug, which is expected to be resolved in a future update. Despite this coincidence, all delayed reports were eventually delivered, and quorum functionality has since returned to normal.During the same day, Lido contributors and Chorus One’s security teams conducted detailed reviews of their systems to pinpoint the breach’s vector.No indication has been seen of a deeper exploitation or software-level breach. The problem seems limited to the key itself, potentially from previous use and handling, and not a current intrusion.Lido Promises Detailed Post-Mortem ReportThe emergency DAO voting for rotating the hacked oracle key is scheduled for two phases: a 72-hour main voting period and a subsequent 48-hour objection period.This change will update all affected contracts so they incorporate the fresh, un-hacked key. The hacked address will be excluded from quorum activities until voting is over.As a matter of transparency and future reliability, Lido has pledged to release a thorough post-mortem once the ongoing investigation is complete.The report will include, among other things, the sequence of events, root cause, and any protocol improvements implemented in consequence.Related Reading | XRP Price Performance Lags Other Top Cryptos, But Payment Rivals XLM and RTX Are Both Soaring