Lido private key attack, oracle system multisig put to the test!

The Lido liquid staking protocol has detected a security flaw affecting its oracle Chorus ONE. The incident led to the theft of 1.46 ETH and triggered a voting procedure to replace one of the compromised private keys. Should we conclude that DeFi lacks the protection needed to withstand this kind of flaw?

Chorus ONE hacked, Lido reacts to secure its 25% ETH stack

DeFi has always been a favourite target of hackers. Even a staking giant like Lido can fall victim, although we shall see here that a contingency plan enabled an immediate response. The platform, which today manages more than 25% of all ETH staked on Ethereum, identified on May 10 a security flaw affecting a wallet controlled by Chorus ONE, one of its nine oracles.

A low-balance alert triggered the investigation, which revealed the unauthorized access. According to Chorus ONE, the affected private key was not secured according to current protocol standards. The attacker managed to drain 1.46 ETH (around $4,200) from this wallet, according to official communications from Lido and Chorus ONE.

Following detection, the Lido DAO launched an emergency vote to replace the compromised key. The compromised address (0x140B) is being replaced by a new address (0x285f), with a vote already approved and a 48-hour objection period.


The incident occurred while other oracle operators were experiencing separate technical problems, including a bug in Prysm linked to Ethereum's Pectra upgrade. These simultaneous but unrelated events temporarily delayed some oracle reports on May 10.

The role and security mechanisms of Lido oracles

To understand the significance of the incident and why the risks remained limited, it is essential to understand the architecture of the Lido oracles. The Lido system is based on nine independent oracles that transmit data between the consensus layer and Ethereum’s execution layer.

These oracles submit regular reports on the status of the protocol, enabling Lido to perform various operations such as processing withdrawals. The main security mechanism is the quorum: a minimum of five out of nine oracles must submit identical data for a report to be validated.

This design prevents a single oracle, even a compromised one, from manipulating the system. An attacker could attempt to submit falsified data, but it would be automatically rejected for failing to reach the required threshold.

The protocol also features automatic checks integrated directly into smart contracts. These safeguards limit the scope of possible modifications, protecting the system even in a disaster scenario where a majority of oracles were compromised simultaneously.
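
A simplified Python model of the quorum rule and the contract-side sanity check described above, added here as an illustration and not taken from Lido's contracts or oracle software. The oracle names, report fields (`ref_slot`, `total_staked`), sample values and the 1% change bound are assumptions; only the five-of-nine threshold comes from the article.

```python
from collections import Counter
from hashlib import sha256

QUORUM = 5                      # from the article: five of nine must agree
MEMBERS = {f"oracle-{i}" for i in range(1, 10)}   # nine hypothetical oracle ids
MAX_CHANGE_BPS = 100            # assumed sanity bound (1%), not a Lido parameter

def report_hash(report):
    """Hash a canonical encoding so identical data gives identical hashes."""
    canonical = ",".join(f"{k}={report[k]}" for k in sorted(report))
    return sha256(canonical.encode()).hexdigest()

def evaluate(submissions, previous_total):
    """Return (accepted_report_or_None, reason) for one reporting round."""
    tally, by_hash = Counter(), {}
    for oracle, report in submissions.items():   # dict key = one vote per oracle
        if oracle not in MEMBERS:
            continue                             # non-member submissions are ignored
        digest = report_hash(report)
        tally[digest] += 1
        by_hash[digest] = report
    if not tally:
        return None, "no member submissions"
    digest, votes = tally.most_common(1)[0]
    if votes < QUORUM:
        return None, f"quorum not reached ({votes}/{QUORUM})"
    report = by_hash[digest]
    change_bps = abs(report["total_staked"] - previous_total) * 10_000 // previous_total
    if change_bps > MAX_CHANGE_BPS:
        return None, "sanity check failed"       # applies even when a majority agrees
    return report, "accepted"

# Constructed sample data
PREVIOUS_TOTAL = 1_000_000
HONEST = {"ref_slot": 1000, "total_staked": 1_000_500}
FORGED = {"ref_slot": 1000, "total_staked": 2_000_000}

def round_with(forged_ids, reporting_ids):
    """Build one round: listed oracles report, forged_ids submit FORGED."""
    return {o: (FORGED if o in forged_ids else HONEST) for o in reporting_ids}

if __name__ == "__main__":
    one_bad = round_with({"oracle-9"}, MEMBERS)
    delayed = round_with({"oracle-9"}, {f"oracle-{i}" for i in (1, 2, 3, 4, 9)})
    majority_bad = round_with({f"oracle-{i}" for i in range(1, 6)}, MEMBERS)
    for name, subs in [("one compromised", one_bad), ("reports delayed", delayed),
                       ("majority compromised", majority_bad)]:
        print(name, "->", evaluate(subs, PREVIOUS_TOTAL)[1])
```

The second round shows the availability side of the design: when several honest oracles are delayed, no report is finalized, but the forged one still cannot pass.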

The challenge of cybersecurity in an expanding crypto ecosystem

This incident comes at a time when cybersecurity is becoming the crypto industry’s Achilles heel. First-quarter 2025 data published by cybersecurity firm Hacken reports that over $2 billion has been lost to malicious activity in the crypto ecosystem. The hacking of Bybit in February, at $1.4 billion, accounted for the bulk of these losses.

According to Hacken, cryptocurrency hacks caused $357 million in losses in April 2025, an increase on the previous month.

For Lido, this incident highlights several aspects of its infrastructure. The protocol detected and contained the threat, limiting losses to the amount of gas costs. The decentralized governance mechanism enabled a rapid response via emergency voting. Questions raised include the length of time the 2021 key was held without security updates, and the processes for auditing existing infrastructure.

Chorus ONE indicated that the exploit was probably due to a private key leak from a hot wallet, and announced that a new machine would be set up for future operations. The incident remains under investigation, according to members of the Lido DAO.

The crypto sector requires more robust protection systems. Liquid staking protocols like Lido often manage large volumes of digital assets, which requires ongoing security measures and responsive governance processes. For crypto users, it becomes even more necessary to diversify their portfolios by opting for a hardware wallet like the one from our partner D’CENT and enjoying the extra protection it offers.