Lido Finance, the largest liquid staking protocol on Ethereum, has launched its first emergency DAO vote. The decision follows a recent security incident that led to the loss of 1.46 ETH in gas fees and requires the rotation of a compromised oracle key. The hack compromised one of the nine oracle keys. Importantly, it did not affect users’ funds, and no wider compromise was found. Lido captures more than 25% of all ETH staked on Ethereum.

Lido's oracle system, a blockchain-based tool, supplies Ethereum consensus data to Lido's smart contracts. The system employs a 5-of-9 quorum mechanism, meaning five of the nine keys must agree for it to work. One of these keys, managed by validator operator Chorus One, was breached.

The key, created in 2021, was not protected to the level of newer keys. As a result of the breach, 1.46 ETH in gas fees was stolen.

Lido has launched an emergency DAO vote to rotate the compromised oracle key across three contracts: the Accounting Oracle, the Validators Exit Bus Oracle, and the CS Fee Oracle. The on-chain vote has already passed and is currently in its 48-hour objection period. It replaces the compromised address (0x140B) with a new secure address (0x285f).

The breach underscores the need for strong security protocols, particularly for legacy keys. Lido’s governance system is designed to keep functioning safely if 1 or 2 keys are hacked. The incident was a great demonstration of the oracle mechanism’s extraordinary resilience.
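
The 5-of-9 quorum and the key rotation described above can be modelled in a few lines. This is an added example, not Lido's contract code: the `OracleCommittee` class, the `simulate` helper, the `member-N` names and the report labels are assumptions made for illustration, and `0x140B` / `0x285f` are the truncated addresses from the article used only as labels.

```python
from collections import Counter

QUORUM, MEMBERS = 5, 9  # 5-of-9, as stated in the article


class OracleCommittee:
    """Simplified model of a hash-quorum oracle (hypothetical, not Lido's code)."""

    def __init__(self, members, quorum=QUORUM):
        self.members = set(members)
        self.quorum = quorum
        self.votes = {}  # member -> report hash for the current reporting frame

    def submit(self, member, report_hash):
        if member not in self.members:
            raise PermissionError(f"{member} is not a committee member")
        self.votes[member] = report_hash  # one vote per member; resubmitting overwrites

    def consensus(self):
        """Return the report hash backed by at least `quorum` members, else None."""
        if not self.votes:
            return None
        report, support = Counter(self.votes.values()).most_common(1)[0]
        return report if support >= self.quorum else None

    def rotate(self, old, new):
        """Governance action: swap a compromised member key for a fresh one."""
        if old not in self.members or new in self.members:
            raise ValueError("invalid rotation")
        self.members.remove(old)
        self.members.add(new)
        self.votes.pop(old, None)  # drop any vote cast by the removed key


def make_committee():
    # Constructed member list: one label from the article plus eight placeholders.
    return OracleCommittee(["0x140B"] + [f"member-{i}" for i in range(2, MEMBERS + 1)])


def simulate(compromised_count):
    """Honest members report 'good'; compromised keys all push 'forged'."""
    committee = make_committee()
    for i, name in enumerate(sorted(committee.members)):
        committee.submit(name, "forged" if i < compromised_count else "good")
    return committee.consensus()
```

With one or two keys submitting a divergent report, the honest report still collects at least five matching votes, and after `rotate` the old key can no longer submit at all.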