Lido DAO is initiating an on-chain vote as a matter of urgency following the identification of a compromise on one of its oracle keys. The affected address was operated by Chorus One and was left with a depleted ETH balance on May 10th of 2025.
One of the contributors had discovered it following a warning of a low account balance, following which the breach was urgently investigated and confirmed. The hacked key was linked to Lido’s Oracle system and had been active since the year 2021.
Lido contributors and engineers at Chorus One are currently exploring how the private key was leaked. Preliminary results state no wider infrastructure breach and report on an isolated leak possibly linked to a hot wallet key.
A response team formed quickly to assess the incident scope, inspect other oracles, and confirm the overall system’s security. All eight remaining oracles were verified and showed no signs of compromise. Oracle software was examined and found to be operating correctly, with no code or dependency issues detected.
Lido maintains operations amid Oracle issue
The design by Lido implemented a 5-of-9 quorum system to keep the protocol operational while the problem existed. Delays in Oracle reports on May 10 were caused by independent node errors from other operators. These issues were promptly resolved. Staking services continued without any interruption.
To reduce the risk, Lido DAO is suggesting replacing the hacked address (0x140Bd8) with a new safe address (0x285f85) in three contracts: AccountingOracle, ValidatorsExitBusOracle, and CSFeeOracle.
The urgent vote will begin shortly and run for 72 hours. After that, there will be a 48-hour objection period. This ensures transparency throughout the process.
Chorus One and Lido contributors continue investigating to determine whether any other infrastructure parts were affected. A full postmortem and update will follow after concluding the investigation. The incident shows the protocol’s resilience and quick response capabilities in handling threats effectively.
