SSV Labs CEO says protocol is not compromised following validator slashing incidents

SSV Labs CEO Alon Muroch sought to reassure the SSV staking community on Wednesday after several Ethereum validators running on the network experienced slashing incidents.

The incidents, which involved both Ankr-operated validators and a seven-operator cluster that had migrated from Allnodes, prompted concerns about the security of the SSV protocol. In a statement on X, Muroch stressed that "SSV is NOT compromised," adding that neither operators nor stakers needed to take any corrective action.

According to a detailed post-mortem released by the SSV team, monitoring systems first flagged a slashing incident at 11:51 UTC on Wednesday. Around 90 minutes later, a second, larger slashing event affected a cluster of 39 validators. Investigations revealed that both cases stemmed from factors external to the SSV protocol, related explicitly to validator key management.  "We looked at logs from both incidents and found NOTHING that indicates double signing or failure on SSV side," Muroch said.

SSV Network is an Ethereum staking infrastructure built on distributed validator technology, which splits a validator's private key into multiple shares run by independent operators. This ensures no single party controls the validator and, when keys remain exclusively within SSV, aims to minimize downtime and double-signing risks that can lead to slashing.

"By design, SSV reduces slashing risk by distributing responsibilities across operators. However, if validator keys are run outside SSV, the guarantees no longer apply," the SSV team said in the post-mortem.

The larger of the two incidents was traced to Ankr, a long-time staking provider. Muroch said Ankr acknowledged that an operational maintenance misconfiguration inadvertently triggered validator keys being simultaneously active in two different infrastructures, causing the slashing. The firm immediately shut down the affected operators and cooperated with SSV Labs to confirm the root cause. The smaller event, involving a validator previously migrated from hosting provider Allnodes, is still under review, though investigators suspect that a secondary validator setup also played a role.

SSV Labs stated that the incident shows the importance of strict validator key management, which should be confined to a single trusted environment with redundant setups and built-in slashing protections. While the affected validators face penalties, the broader SSV protocol and infrastructure remain fully intact, the team said.