Lido Reports Compromise of Oracle Key with Loss of 1.46 ETH
Lido, Ethereum's leading liquid staking protocol, faced a security breach when one of its nine oracle keys was compromised in an incident traced to validator operator Chorus One. Key points include:
- Lido secures over 25% of all staked ETH on Ethereum.
- The compromised key was linked to a hot wallet used for oracle reporting, resulting in the theft of 1.46 ETH ($4,200) in gas fees.
- No user funds were affected, and no wider compromise was detected.
- Lido's oracle system operates on a 5-of-9 quorum mechanism, ensuring security even if some keys are compromised.
- Suspicious activity was first detected after a low-balance alert prompted an investigation.
- The compromised key was created in 2021 and lacked updated security standards.
- Lido initiated an emergency DAO vote to rotate the compromised key and has generated a new key with enhanced security measures.
- The transition from the compromised address (0x140B) to a new secure address (0x285f) is underway, pending a 48-hour objection period.
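
The 5-of-9 quorum and the key rotation described above can be modelled in a few lines. This is an added example, not Lido's contract code: the class, function names, report strings and the `member-N` labels are constructed for illustration, and only the 5-of-9 threshold and the two address labels come from the summary.

```python
from collections import Counter

QUORUM, TOTAL = 5, 9  # 5-of-9, as stated in the summary


class OracleQuorum:
    """Simplified k-of-n report quorum (assumption: a model, not Lido's implementation)."""

    def __init__(self, members, quorum):
        self.members = set(members)
        if not 0 < quorum <= len(self.members):
            raise ValueError("quorum must be between 1 and the member count")
        self.quorum = quorum
        self.votes = {}  # member -> report hash; one vote per member

    def submit(self, member, report_hash):
        if member not in self.members:  # keys outside the set are ignored
            return False
        self.votes[member] = report_hash  # a resubmission overwrites, never double-counts
        return True

    def rotate(self, old, new):
        """Swap a compromised key for a new one and discard its pending vote."""
        if old not in self.members or new in self.members:
            raise ValueError("invalid rotation")
        self.members.remove(old)
        self.members.add(new)
        self.votes.pop(old, None)

    def finalized(self):
        """Return the report that reached quorum, or None."""
        if not self.votes:
            return None
        report, count = Counter(self.votes.values()).most_common(1)[0]
        return report if count >= self.quorum else None


def max_tolerated_compromises(n, quorum):
    """Keys that can be lost without allowing a forged report or blocking the honest quorum."""
    return min(quorum - 1, n - quorum)


def demo():
    members = ["0x140B"] + [f"member-{i}" for i in range(2, TOTAL + 1)]  # constructed labels
    q = OracleQuorum(members, QUORUM)
    q.submit("0x140B", "forged-report")  # the single compromised key votes...
    q.submit("0x140B", "forged-report")  # ...and repeating the vote adds nothing
    before = q.finalized()               # None: 1 of 9 is below quorum
    for m in members[1:6]:               # five honest members agree
        q.submit(m, "honest-report")
    after = q.finalized()
    q.rotate("0x140B", "0x285f")         # rotation as described in the summary
    return before, after, q.submit("0x140B", "forged-report")
```

In this model a 5-of-9 quorum tolerates up to four compromised keys, which is why a single stolen key cost only the gas held in its hot wallet.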