InfStones, Lido Finance’s core node operator, will temporarily withdraw Ethereum validators from the liquid staking protocol and implement key rotation in response to a serious vulnerability uncovered by security researchers at dWallet Labs.
This vulnerability, linked to the open-source library Tailon, was reported to InfStones in July 2023 and has since been addressed. Nonetheless, the incident led to the adoption of preventive security measures.
Lido, the largest liquid staking protocol on Ethereum, oversees 9.23 million ETH and has a market cap exceeding $19 billion. The protocol allows users to deposit ETH and participate in network staking through validator nodes, which issue derivative tokens to users to represent their staked deposits. A network of contributors, known as operators, is responsible for running these ETH validator nodes and providing the IT infrastructure and servers required for their operation.
Lido Finance confirmed the vulnerability involved potential root-level access affecting 25 of InfStones’ validator servers. However, Lido said there is no evidence that any keys were leaked or misused as a result of this issue.
“To be clear, there are currently no signs of key leaks or compromises, and the vulnerability may not affect validators associated with the Lido protocol,” Lido said.
InfStones’ response
InfStones said the issue pointed out by dWallet affected only a small portion of its infrastructure: less than 0.1% of its systems were affected, through the specific network port where the issue occurred. The number of validator nodes affected is therefore low.
“Instances (servers) confirmed in production constitute less than 0.1% of the live nodes we have launched to date. We discovered that external traffic over port 55555 opened for Tailon could mimic viewer permissions and access parts of our development and testing data,” InfStones said.
Despite no confirmed key compromises, InfStones has proactively agreed to terminate validators and switch to new keys, pending approval from governance, Lido Finance added. Ether previously staked to potentially affected validators will be redirected to the Lido Protocol for re-staking, ensuring continuity and stability.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.