Lido Finance’s data operator, InfStones, has addressed a serious security issue discovered by security analysts at dWallet Labs. The team plans to temporarily withdraw Ethereum validators from the liquid staking protocol and implement key rotations. The security issue, which was reported to InfStones in July 2023 and resolved, is associated with the open-source Tailon library.
Lido is the largest liquid staking protocol in the Ethereum ecosystem, managing 9.23 million Ethereum assets with a market value of over $19 billion. The protocol allows users to deposit ETH and participate in staking through validator contracts, providing users with a derivative token representing their deposited funds. An existing network of operators responsible for validating ETH withdrawals is supported by the necessary infrastructure and servers for these operations.
Lido Finance stated that the security issue affected 25 InfStones validators and potentially exposed them to unauthorized access. However, there is no evidence of data leakage or exploitation resulting from this issue.
According to dWallet Labs’ security report, the security issue could trigger a breach affecting InfStones’ staked ETH assets on Lido. As a result, the company proposes rotating the validator keys for all potentially affected data.
InfStones stated that the issue reported by dWallet affected only a small portion of its infrastructure and less than 0.1% of its systems, through a specific network port within the Tailon platform. According to this explanation, only a limited number of validator nodes were affected.