Lido DAO votes to replace oracle after 1.46 ETH security breach

Lido DAO (CRYPTO:LDO) has launched an emergency vote to replace a compromised oracle key following the unauthorised withdrawal of 1.46 ETH from a wallet managed by Chorus One, a validator operator.

The incident was detected on May 10, 2025, when a contributor noticed the wallet’s balance was unexpectedly low.

The wallet, in use since 2021, was linked to oracle reporting but lacked the same security protections as other infrastructure components.

Chorus One indicated the breach likely resulted from a hot wallet private key leak and is setting up new hardware to enhance security.

Lido emphasised that the issue is isolated to this single oracle and does not affect the overall protocol, which remains fully operational and secure.

The oracle system uses a 5-of-9 quorum, ensuring that no single compromised key can disrupt the network’s integrity.

All other oracle addresses and software passed security checks without signs of compromise.

In response, Lido initiated a DAO vote to rotate the affected oracle key across three contracts: the Accounting Oracle, Validators Exit Bus Oracle, and CS Fee Oracle.

The vote will run for 72 hours with an additional 48-hour objection period.

The new key has already been generated and secured under updated protocols.

This event underscores ongoing cybersecurity challenges in decentralised finance (DeFi), where complex systems with large attack surfaces remain vulnerable.

Cybersecurity firm Hacken reported that over $2 billion in crypto was lost to hacks and exploits in Q1 2025 alone, with April seeing $357 million in losses.

Hacken CEO Dyma Budorin highlighted the need for stronger cybersecurity and code audits in the crypto industry to counter increasingly sophisticated attacks.

The incident also draws attention to threats from hacking groups linked to North Korea, which have prompted discussions among G7 nations on how to mitigate such risks at upcoming summits.

Lido’s swift action to contain the breach and maintain protocol security reflects the critical importance of resilience in DeFi infrastructure as the sector evolves.

“The protocol continues to run as normal, and the system remains secure,” according to Lido DAO members.

This statement reinforces confidence in the platform’s safeguards despite the isolated oracle compromise.