Lido Oracle Hacked – A Wake-Up Call on Multisig Security in DeFi
Yesterday, a wallet belonging to Lido's multisig oracle, operated by Chorus One, was compromised by hackers, according to @0xngmi (DeFiLlama). Although the hacker withdrew only 1.4 $ETH, that transaction left a trace that helped identify the vulnerability.
The compromised wallet has been in use since 2021, and its private key is suspected to have been leaked beforehand. While there is currently no evidence that Chorus One's or Lido's software was attacked directly, this is a wake-up call.
- Lido asserts that the 5/9 quorum mechanism (9 signers, of which at least 5 must confirm to perform a transaction) is sufficient to maintain safety when 1 node fails. The remaining eight nodes were checked and found to be unaffected.
- However, the incident has sparked intense debate within the community, particularly regarding:
1. Weak Multisig: @mmilien_ proposed raising the multisig standard to 7 signers, with ≥50% being third parties, and a threshold of ≥51%.
2. Replacement Oracle: Many voices, such as @Xmarine777 and @goychka, suggested that Lido should switch to Chainlink – a more robust and professional oracle system.
- Conclusion: Although the material damage is small, the greatest harm is to reputation. As one of the pillars of liquid staking, Lido must act quickly, not only to investigate but also to redesign the oracle security structure to protect the Ethereum ecosystem.
- The question arises: Is traditional multisig still secure enough in DeFi 2025?