Lido 'secure' after oracle compromise sparks emergency DAO vote

Crypto Ecosystems • May 11, 2025, 6:26PM EDT
The Block

Quick Take

  • A protocol reporting oracle for Ethereum staking protocol Lido was compromised on Saturday, sparking a Lido DAO vote to rotate the address. 
  • Only about 1.5 ETH was lost in the attack, which oracle operator Chorus One called an “isolated incident.” 
  • “The protocol remains secure and fully operational,” Lido said. 

Ethereum staking protocol Lido remains "fully secure and operational" after an attacker compromised one of its protocol reporting oracles, draining nearly 1.5 ETH and sparking an emergency DAO vote to rotate the oracle's address. 

Chorus One, which operates the oracle, said the attack appears to be an "isolated incident" without further threats to the protocol. "We have thoroughly audited our entire infrastructure and found no evidence of any broader compromise," Chorus One wrote on X

The attacker drained 1.46 ETH worth about $3,800 from the compromised address, blockchain data shows. "Investigation on all fronts is still ongoing; we will share a full postmortem after we conclude the investigation," Chorus One added on Lido's governance forum. "Activity of the exploiter points towards an automated system, rather than a targeted attack."

Though the attacker was able to drain the oracle address's ETH balance (which was purposely held at a low level, Chorus One said), the attack didn't threaten Lido's operations, as its protocol reporting oracles require a 5-of-9 consensus. 

"In the worst case, [compromised oracles] may mean something like stETH rebases (whether positive or negative) take longer to materialize, which will affect stETH holders but mostly in a negligible manner apart from those who may be using stETH in a leveraged manner in DeFi," wrote Lido head of validators Izzy on X. 

The Lido DAO vote to rotate the compromised address currently has unanimous support, though it has not yet reached quorum. 
 
"Oracles are complex and vary in their usage across DeFi," Izzy wrote. "In Lido, they're a carefully considered part of the protocol, and possible negative impact is meaningfully mitigated through effective decentralization, segregation of duties, and multiple layers of checks."

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

AUTHOR

Zack Abrams profile picture Zack Abrams

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email, [email protected].

See More
Connect on

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on

More by Zack Abrams