As per BlockBeats news on November 23, in response to a significant vulnerability disclosed by dWallet Labs security researchers, InfStones, a core node operator of Lido Finance, has agreed to temporarily remove its Ethereum validator from the liquidity staking protocol and implement a key rotation.
The vulnerability relates to the open-source library Tailon. InfStones was apprised of this issue in July 2023 and has since addressed it. However, the incident has led to the adoption of precautionary security measures. Lido Finance acknowledged that the vulnerability pertains to potential root-level access affecting 25 of InfStones' validator servers, but there is no suggestion that this problem resulted in any key leaks or exploitation.
Earlier, in its security report, dWallet Labs stated that this vulnerability could lead to security breaches affecting Ethereum staked through Lido via InfStones nodes. Consequently, dWallet Labs suggested the rotation of validator keys for all nodes possibly exposed to this vulnerability.
