Key Takeaways: An emergency DAO vote has been announced by Lido contributors following the detection of a compromised oracle key operated by Chorus One.

Investigation is ongoing.Incident details, root cause updates, vote details — all in the forum post: https://t.co/vn4gq8W82g

Key Takeaways:

* An emergency DAO vote has been announced by Lido contributors to rotate a compromised oracle key being operated by Chorus One. The affected key, nosed for critical data reporting functions, was flagged after an alert showed one of the system’s quorums having its entire ETH balance rapidly depleted.

* Subsequent investigation traced the issue to a probable private key leak, possibly from a previously used hot wallet. The incident does not indicate a broader breach of Chorus One’s infrastructure or the oracle system.

* This prompted immediate action, including isolation of the compromised key and preparation for replacement on three Oracle contracts: AccountingOracle, ValidatorsExitBusOracle, and CSFeeOracle.

* The affected address (0x140B.) will be substituted with a fresh, secure key (0x285f.). Insomuch as the incident is severe, there is no loss of staker funds or integrity of the staking protocol for Lido. The 5-of-9 quorum model for the system has redundancy and robustness, inherently avoiding single points of failure.

Labs emphasizes Lido’s multi-layered incident response and security strategy throughout its reply. The rapid collaboration of the team with Chorus One and a full audit of all other oracles prevented wider disruption within the system.

All eight remaining oracle operators were verified as being secure, with no irregularities within the reporting infrastructure or software layers.

On May 10th, Lido’s Oracle system experienced minor reporting delays due to unrelated issues affecting four other Oracle participants.

Two of those were linked to a post-Spectra Prism bug, which is expected to be resolved in a future update. Despite this coincidence, all delayed reports were eventually delivered, and quorum functionality has since returned to normal.

During the same day, Lido contributors and Chorus One’s security teams conducted detailed reviews of their systems to pinpoint the breach’s vector.

No indication has been seen of a deeper exploitation or software-level breach. The problem seems limited to the key itself, potentially from previous use and handling, and not a current intrusion.

Lido Promises Detailed Post-Mortem Report

The emergency DAO voting for rotating the hacked oracle key is scheduled for two phases: a 72-hour main voting period and a subsequent 48-hour objection period.

This change will update all affected contracts so they incorporate the fresh, un-hacked key. The hacked address will be excluded from quorum activities until voting is over.

As a matter of transparency and future reliability, Lido has pledged to release a thorough post-mortem once the ongoing investigation is complete.

The report will include, among other things, the sequence of events, root cause, and any protocol improvements implemented in consequence.