In the early hours of May 10, a hacker compromised one of the addresses in the Lido oracle's multi-signature wallet, stealing 1.4 ETH before exposing their presence.
Written by: @IsdrsP, Head of Lido Validator Nodes
Compiled by: Nicky, Foresight News
Oracle service provider Chorus One disclosed that a hot wallet of the Lido oracle was hacked, resulting in the theft of 1.46 ETH. However, security audits indicate that this isolated incident has limited impact, as the wallet in question was designed solely for lightweight operational purposes.
An attack on an oracle sounds quite severe. However, Lido's architectural design, the value philosophy of its stakeholders, and a contributor culture focused on security mean that the impact of such events is extremely limited — even if the oracle were completely compromised, it would not lead to catastrophic consequences.
So, what makes Lido unique?
Thoughtful Design and Layered Protection Mechanisms
Lido's oracles are responsible for relaying information from the consensus layer to the execution layer and reporting protocol state. They do not control user funds. A single compromised oracle would cause only minor inconvenience, and even if the quorum were breached, it would not result in catastrophic outcomes.
What malicious actions might a compromised oracle attempt?
A) Submit malicious reports (but these would be ignored by honest oracles);
B) Deplete the ETH balance of that specific oracle address (which is only used for operational transactions and does not hold staker funds).
What responsibilities do oracles actually have?
Lido's oracle is essentially a distributed mechanism composed of 9 independent participants (requiring 5/9 consensus), primarily responsible for reporting protocol status. Current core functions include:
• Token inflation reward distribution (rebase)
• Withdrawal process handling
• Validator exit and performance monitoring for Community Security Module (CSM) reference
These oracles submit "reports" of the states they observe to the protocol. These reports are used to calculate daily accumulated rewards or penalties, update stETH balances, process and ultimately confirm withdrawal requests, calculate validator exit applications, and assess validator performance.
Essentially, Lido's oracle differs from what people typically understand as "multi-signature." Oracles cannot access the funds of stakers or the protocol, cannot control any protocol contract upgrades, and cannot upgrade or manage their own membership. Instead, the Lido DAO maintains the oracle list through voting.
The functionality of the oracle is extremely limited — it can only perform the following actions: submit reports that strictly adhere to deterministic, audited, and open-source algorithms designed for different protocol objectives; execute transactions in specific circumstances to implement report results (e.g., the protocol's daily rebase operation).
What would happen in the worst-case scenario if 5 out of 9 oracles were compromised? In this case, the compromised oracles might conspire to submit malicious reports, but any report must pass the on-chain enforced protocol rationality checks.
If a report violates these rationality checks, its processing time will be extended (and may never be "settled"), as the values in the report must conform to the allowed range of value changes over a specific time period (days or weeks).
In the worst-case scenario, this could mean that a rebase such as that of stETH (whether positive or negative) would take longer to take effect. This would affect stETH holders, but the effect on most of them would be minimal unless they are using stETH with leverage in DeFi.
There are also other possibilities: if malicious oracles and their accomplices possess certain information or have the ability to impose large penalties (such as massive slashing) at the consensus layer, they might exploit the execution layer's stETH update delay for economic gain.
For example, if a massive slashing occurs, some individuals might sell part of their stETH on decentralized exchanges (DEX) before the negative rebase takes effect. However, this would not affect users initiating withdrawal operations directly through Lido, as the protocol's "emergency mode" (bunker mode) would activate to ensure a fair execution of the withdrawal process.
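The two layers described above, the 5-of-9 quorum and the on-chain range check on reported values, can be modelled in a few lines. This is an added illustration, not Lido's contract code: the `Report` fields, the 10 basis point daily bound, the balances and the outcome names are assumptions, and the model simply holds an out-of-range report instead of reproducing the protocol's delayed settlement.

```python
from collections import Counter
from dataclasses import dataclass

MEMBERS = [f"oracle-{i}" for i in range(1, 10)]  # 9 members, as the article states
QUORUM = 5                                       # 5-of-9, as the article states
MAX_DAILY_CHANGE_BP = 10  # ASSUMED bound in basis points per day, not Lido's value

@dataclass(frozen=True)
class Report:
    ref_slot: int      # consensus-layer slot the report describes
    total_pooled: int  # reported pooled balance in gwei (constructed values)

def consensus_report(submissions):
    """Return the report backed by at least QUORUM members, else None."""
    votes = Counter(r for m, r in submissions.items() if m in MEMBERS)
    if not votes:
        return None
    report, count = votes.most_common(1)[0]
    return report if count >= QUORUM else None

def passes_sanity_check(prev_total, report, days_elapsed):
    """Allow only balance changes inside the per-day range."""
    limit = prev_total * MAX_DAILY_CHANGE_BP * days_elapsed // 10_000
    return abs(report.total_pooled - prev_total) <= limit

def process(prev_total, submissions, days_elapsed=1):
    """Return (outcome, new_total); state changes only on 'applied'."""
    report = consensus_report(submissions)
    if report is None:
        return "no-quorum", prev_total
    if not passes_sanity_check(prev_total, report, days_elapsed):
        return "held-by-sanity-check", prev_total
    return "applied", report.total_pooled

# Constructed sample data
PREV = 9_000_000 * 10**9
HONEST = Report(ref_slot=100, total_pooled=PREV + PREV // 10_000)  # +1 bp
FORGED = Report(ref_slot=100, total_pooled=PREV * 2)               # +100%

def submit(n_forged, n_honest):
    """First n_forged members send FORGED, the next n_honest send HONEST."""
    subs = {m: FORGED for m in MEMBERS[:n_forged]}
    subs.update({m: HONEST for m in MEMBERS[n_forged:n_forged + n_honest]})
    return subs

if __name__ == "__main__":
    for forged, honest in [(1, 8), (4, 4), (5, 4)]:
        print(forged, honest, process(PREV, submit(forged, honest))[0])
```

With one forged submission the honest report is applied; with four forged and four honest no report reaches quorum; with five forged the report reaches quorum but is held by the range check and the balance stays unchanged.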
Instant and Thorough Transparency
From the beginning, all participants in the Lido ecosystem — whether contributors, node operators, or oracle operators — have consistently prioritized transparency and goodwill, ensuring the protection of staker rights and the healthy development of the entire ecosystem.
Whether actively publishing detailed post-incident analysis reports, compensating for staking losses due to infrastructure downtime, proactively withdrawing validator nodes for preventive reasons, or quickly releasing comprehensive incident reports, these participants have always regarded transparency as a top priority.
Continuous Iteration and Upgrades
Lido remains at the forefront of technological development, committed to using zero-knowledge proof (ZK) technology to enhance the security and trustlessness of the oracle mechanism. As early as the initial stages, the team invested over $200,000 in dedicated funding to support trustless verification of consensus layer data through zero-knowledge proof technology.
These technological explorations ultimately led to the development of the SP1 zero-knowledge oracle "dual verification" mechanism by the SuccinctLabs team, which is set to launch formally within the year. This mechanism provides an additional layer of security verification for potential negative rebase operations through verifiable consensus layer data.
Currently, this type of zero-knowledge technology is still in the development stage, and the related zero-knowledge virtual machine (zkVM) needs to undergo practical testing. It also has limitations such as slower computation speeds and higher computational costs, and cannot fully replace trusted oracles. However, in the long run, such solutions are expected to become a trust-minimized alternative to existing oracles.
Oracle technology is highly complex and has various application scenarios in the DeFi space. In the Lido protocol, oracles are carefully designed as core components, significantly reducing the potential risk impact through effective decentralized architecture, role separation mechanisms, and multi-layer verification systems.