Lido Finance, a major node operator for Lido, recently faced a security issue. After a significant vulnerability was exposed by cybersecurity researchers at dWallet Labs, the company decided to take decisive action: temporarily withdraw its Ethereum validation nodes and implement key rotation in response to the security threat.
In July 2023, dWallet Labs alerted InfStones about a vulnerability in the open-source code repository Tailon. The vulnerability was promptly addressed, leading to a series of preventive security measures being implemented.
Lido Finance is the largest staking protocol on Ethereum, managing over $19 billion worth of ETH. Users participate in the validation nodes managed by the operator network by depositing ETH and receive corresponding derivative tokens.
Lido Finance confirmed that the vulnerability may be related to root-level access and affected 25 validation node servers of InfStones. However, Lido emphasized that there are currently no indications of key leakage or abuse. To further ensure the security of user assets, dWallet Labs suggested key rotation for all potentially affected nodes.
InfStones has ensured network integrity.
InfStones stated that the affected systems only account for a small portion, less than 0.1%, of its overall infrastructure. The company has agreed to voluntarily withdraw its validation nodes and transition to new keys, pending approval from Lido Finance’s governance. This action aims to ensure the continued stable operation of the Ethereum network and safeguard user assets.