- Lido node operator InfStones will be replacing its validator keys following the vulnerability disclosure by blockchain security company dWallet Labs.
- Lido acknowledged the vulnerability and said its security team is working with node operators to assess the scope and potential impact.
InfStones, a blockchain infrastructure provider and one of the core node operators of Lido Finance, a liquid staking protocol, is attempting to address recent vulnerabilities by rotating validator keys.
The platform is expected to take security measures by temporarily withdrawing Ethereum validators from Lido.
Why does InfStones take these security measures?
InfStones’ move follows the discovery and disclosure of a security threat involving the open source library Tailon last July by researchers at blockchain security platform dWallet Labs.
InfStones’ chain of vulnerabilities puts more than $1 billion in assets at risk. The dWallet Labs team disclosed this to Lido node operators to resolve the issue, Elad Ernst, a cybersecurity researcher at dWallet Labs, wrote in X.
1/ Our team @dWalletLabs A series of vulnerabilities have been discovered that could lead to the loss of more than $1 billion in cryptocurrency assets. The full article is here: https://t.co/cUUfevvUQ9 Let’s take a closer look.
— Elad Ernst (@EladErnst) November 21, 2023
Lido Finance acknowledged the vulnerability and noted that it likely affected 25 InfStones servers.
“Lido contributors are now actively working with node operators to investigate the incident to understand its full scope and potential impact.t,” the platform said in an update.
However, the protocol’s security team said there was no indication that the keys had been leaked or compromised. Additionally, this vulnerability is highly unlikely to affect Lido Finance validators.
To be clear, there are currently no signs of key leaks or compromises, and the vulnerability may not affect validators associated with the Lido protocol.
— Lido (@LidoFinance) November 22, 2023
InfStones stated that the key was not compromised, but decided to switch to a new key. To continue operations and ensure the stability of the liquid staking protocol, InfStone will redirect staked Ether (ETH) to Lido for re-staking.
Lido is the largest liquid staking platform on Ethereum, with total value locked (TVL) of over $18 billion as of November 23.