According to The Block, one of Ethereum staking protocol Lido's reporting oracles was attacked on Saturday, leading to the Lido DAO vote to rotate the address.
The attack resulted in a loss of about 1.5 ETH, which the oracle operator Chorus One described as an “isolated incident.”
“The protocol remains secure and fully operational,” Lido stated.
Ethereum staking protocol Lido lost nearly 1.5 ETH after attackers compromised its protocol's reporting oracle, triggering an emergency DAO vote to rotate the oracle's address. Currently, Lido is still “completely secure and operational.”
Chorus One stated that the attack appears to be an “isolated incident,” with no further threat to the protocol. “We have conducted a full audit of our infrastructure and found no broader vulnerabilities,” Chorus One wrote on X.
Blockchain data indicates that attackers extracted 1.46 ETH from the compromised address, equivalent to about $3,800. “We are still investigating on all fronts; we will share a complete post-mortem analysis after the investigation concludes,” Chorus One added on Lido's governance forum. “The attackers' activity suggests this is an automated system rather than a targeted attack.”
Although the attackers were able to extract the ETH balance from the oracle address (Chorus One indicated this balance was intentionally kept low), the attack did not threaten Lido's operations because its protocol requires a 5/9 consensus for oracles.
“In the worst-case scenario, [the compromised oracle] could mean that the re-benchmarking of stETH (whether positive or negative) may take longer to realize, which will affect stETH holders, but in most cases, the impact is minimal, except for those who use stETH with leverage in DeFi,” wrote Izzy, Lido's head of validators, on X.
Currently, the Lido DAO vote to rotate the compromised address has full support but has not yet reached a quorum.
“Oracles are complex, and their use in DeFi varies,” Izzy wrote. “In Lido, they are a well-considered part, and potential negative impacts are significantly mitigated through effective decentralization, functional separation, and multiple layers of checks.”
