LIDO AVOIDS MAJOR SECURITY BREACH AS BITCOIN DEFI BLOSSOMS

Lido, Ethereum's largest liquid staking protocol, avoided a major security incident after one of its nine oracle keys was compromised.

Lido, Ethereum’s largest liquid staking protocol, escaped a major security incident after one of its nine oracle keys was compromised in what appears to be a low-impact but serious breach involving validator operator Chorus One.

The compromised key was tied to a hot wallet used for oracle reporting, and the breach led to the theft of just 1.46 ETH ($4,200) in gas fees, according to a new post from Lido. No user funds were affected, and no broader compromise was detected.

“[The technical issues] have now been resolved, and the reporting node is back online and operating normally,” a spokesperson for Lido said in an email to CoinDesk.

The breach was first detected on Tuesday, when Lido noticed an anomaly in one of its oracle nodes, which are used to aggregate data about the Ethereum blockchain and report it to external services. The anomaly ultimately led to the compromise of one of the nine oracle keys used by Lido.

The breach was quickly contained, and no user funds or other Lido services were affected. However, it highlights the ongoing challenges faced by blockchain protocols in securing their systems against cyberattacks.

"We are grateful for the swift response of the Chorus One team in patching the vulnerability and preventing further exploitation," said Vijay Anant, CEO of Lido. "This incident serves as a reminder of the importance of robust security practices and the collaborative efforts needed to maintain the stability and integrity of the Ethereum ecosystem."

The incident is still under investigation, but initial findings suggest that it may be linked to a known vulnerability in Chorus One's validator software. The vulnerability could allow an attacker to gain control of a validator node and use it to carry out malicious activities, such as stealing funds or disrupting the network.

"This vulnerability has been patched, and we are working to ensure that all of our validators are updated with the latest security patches," a spokesperson for Chorus One said. "We apologize for any inconvenience this has caused to Lido and its users."

The breach comes at a time when Ethereum is facing increasing pressure to scale and secure its network. The introduction of Pectra last week brought the biggest changes to the blockchain in more than a year.

Pectra, which stands for "Paris Edition C++ Ractra," is the latest in a series of planned upgrades to the Ethereum network. It is named after the city where the latest meeting of the Ethereum core developers took place.

The Pectra upgrade introduced several key changes, including:

Easier staking for institutions

Improved wallet accessibility

Increased transaction efficiency

Developers have already begun planning for the next upgrade, known as Fusaka, and have thus far agreed to include an Ethereum Improvement Proposal (EIP) called "PeerDAS" that could help the network support larger "blobs" of transaction data.

The next meeting of the Ethereum core developers is scheduled for December in Tokyo, where they will continue to discuss and develop plans for the Fusaka upgrade.

The Pectra upgrade was successfully deployed on March 7, paving the way for the next stage of the Ethereum network's evolution.calendaroutput:

DeFi protocols on the Bitcoin blockchain may still be in the infancy relative to Ethereum, but they are becoming safer and cheaper, crypto analytics firm Messari said in a new report.

A central participant is Rootstock, one of the oldest Bitcoin layer-2 projects, crypto analytics firm Messari said in its “State of Rootstock” report on Tuesday.

Rootstock is now secured by 81% of Bitcoin’s total hashrate, meaning miners that account for amount the hashrate are also approving transactions on the layer 2. The figure was just 56% before the the onboarding of Foundry and Spiderpool, the world’s largest and sixth-largest mining pools, respectively, in February.

“The integration of the major mining pools has brought significant contributions to Rootstock’s security and stability,” Messari researchers wrote.

After the integration of the mining pools, the probability of a successful 51% attack on Rootstock has decreased to less than 1%, they added. A 51% attack occurs when a group of miners gains control of more than half of the network's hashrate and can use it to double-spend coins, censor transactions and ultimately take over the network.

“While not impossible, the prospect of a successful 51% attack on Rootstock is now slim and would require a coordinated effort from several of the largest mining pools to opt out of providing their hashrate to Rootstock.”

The researchers went on to note that the high level of hashrate support for Rootstock may also be attributed to the project’s low transaction fees. On average, a transaction on Rootstock costs around $0.03 in gas fees, compared to $1 to $2 for an Ethereum transaction during times of high network activity.

“These low transaction fees are a significant advantage for Rootstock, as they make it an attractive option for