Ethereum staking protocol Lido has confirmed that it remains “fully secure and operational” following a breach in which an attacker compromised one of its protocol reporting oracles.
The attack resulted in the theft of nearly 1.5 ETH, prompting an emergency DAO vote to rotate the oracle’s address.
According to Chorus One, the operator of the oracle, the incident appears to be an “isolated event” with no further threats to the protocol. The operator continued to say that they have thoroughly audited their entire infrastructure and found no evidence of broader compromise.
Blockchain data shows that the attacker drained 1.46 ETH worth about $3,800 from the compromised address.
Chorus One says the investigation is ongoing, and a full postmortem will be shared once it is concluded. The exploiter’s activity suggests using an automated system rather than a targeted attack.
Lido breach sparks renewed focus on oracle security and DeFi resilience
While the breach led to the drain of the oracle address’s ETH balance (which was purposely held at a low level, Chorus One said), the attack did not affect Lido’s operations, as its protocol reporting oracles needs a 5-of-9 consensus.
Lido’s head of validators, Izzy, commented that in the worst-case scenario, compromised oracles could cause delays in stETH rebases, whether positive or negative. This would primarily affect stETH holders, but the impact would be negligible, except for those using stETH in leveraged DeFi strategies.
The Lido DAO vote to rotate the compromised address currently has unanimous support, though it has not yet reached a quorum.
Izzy continued to say that oracles are complex and have different usages across DeFi. He noted that in Lido, they’re an integral part of the protocol, and possible negative impact is meaningfully mitigated through effective decentralization, segregation of duties, and multiple layers of checks.
The breach underscores the urgent need for strong cybersecurity protocols in decentralized finance as global monetary, trade, and business systems increasingly transition onchain into complex digital infrastructures with expansive attack surfaces.
Crypto industry urged to act as hacks soar to $2B in Q1 losses
The crypto industry has suffered a series of thefts, prompting questions about the security of customer funds, with hacking hauls totaling more than $2 billion in 2024 – the fourth straight year where proceeds have topped more than $1 billion.
Earlier this year, the crypto exchange Bybit suffered the industry’s largest hack at $1.4 billion, with North Korea’s Lazarus Group pegged as the culprit by cybersecurity firms, which was later confirmed by federal authorities.
Hacken also reported that crypto hacks were responsible for $357 million in losses in April 2025, a significant increase from losses incurred in March.
Speaking at Token2049, Hacken CEO Dyma Budorin noted that the crypto industry needs to adopt more robust cybersecurity and code auditing measures to stem the tide of hacks and exploits plaguing the asset sector.
Cybersecurity threats in crypto have become so pronounced, particularly from hacking groups associated with the Democratic People’s Republic of North Korea (DPRK). Leaders from the Group of Seven countries are reportedly looking to discuss how the numerous crypto hacks and malicious cyber activities that North Korea has engaged in for years could be addressed and mitigated.
