Security Vulnerability Discovered in Ethereum Protocol by Lido DAO
Date: 2023-11-26 Author: Dima Zakharov Categories: IN WORLD
Uncovering the Vulnerability
Lido DAO's Liquid Stakes solution uncovered a security vulnerability within the Ethereum protocol within the past 24 hours. This discovery specifically pointed to an issue with one of the node operators, InfStones. Initially identified several months ago, InfStones officially reported this problem in July 2023. Since then, InfStones has confirmed that the issue has been resolved.
Lido DAO's Liquid Stakes solution uncovered a security vulnerability within the Ethereum protocol within the past 24 hours. This discovery specifically pointed to an issue with one of the node operators, InfStones. Initially identified several months ago, InfStones officially reported this problem in July 2023. Since then, InfStones has confirmed that the issue has been resolved.
The Core Issue
The primary concern revolved around potential unauthorized access to root-level privileges on 25 validator servers. These servers, not necessarily linked to the Lido protocol, could have exposed sensitive information, including crucial materials, to external threats. It remains unclear whether the servers or keys connected to Lido's validators were compromised.
Ongoing Investigations
Presently, the Lido DAO team is working closely with InfStones to conduct a thorough investigation into the breach. Their efforts aim to establish the full extent and potential consequences of the incident. In the wake of this incident, security experts in the Web3 space at Holborn have noted a recent uptick in both the frequency and severity of off-network attacks.
Security experts emphasize that this latest incident underscores the necessity for continual and comprehensive infrastructure audits to proactively identify and address similar vulnerabilities.
