Lido, a liquid staking platform, uncovered a security flaw in its Ethereum protocol, which involved one of its Node Operators, InfStones. The vulnerability, initially detected months ago, was reported to InfStones and they confirmed the issue has been resolved.
Concerns and Investigation
The primary concern was the potential for unauthorized access to root-level privileges on up to 25 validator servers. These servers, not necessarily tied to the Lido protocol, could have exposed sensitive data, including key materials, to external threats. It remains undetermined if the servers or keys associated with Lido validators were affected.
Lido DAO is currently working closely with InfStones to meticulously investigate the breach and determine its scope and implications.
Rising Off-Chain Attacks
In the context of this incident, Web3 security experts at Holborn have noted a substantial increase in the frequency and severity of off-chain attacks. These attacks exploit vulnerabilities outside the blockchain, such as system misconfigurations or operator errors.
Experts emphasize the crucial need for ongoing and thorough infrastructure audits to proactively identify and mitigate such weaknesses.
Additional Information
Author
This article was written by Sarah Johnson, a Web3 security researcher and consultant.
Credit and Rights
Credit and rights to this article belong to MigBase.com.