Emergency Vote to Remove Compromised Oracle by Chorus One: Lido Protocol Update

• Lido triggered an emergency vote to remove a compromised oracle operated by Chorus One after attackers drained its ETH due to a leaked hot-wallet keyan operational error, not a protocol flaw.
• Only the Chorus One feed was affected; Lidos validator sets, user funds, and other oracles remain secure. 
• The compromised oracle will be rotated out, and Chorus One is setting up a new server with fresh keys.

The governance arm behind Lidos liquidstaking protocol has triggered an emergency onchain vote to eject a single oracle operated by Chorus/One after attackers drained the nodes Ether balance. 

The move came within hours of Lido contributors confirming that the oracles hotwallet key had leakedan operational failure rather than a flaw in Lidos smartcontract code or oracle software.

Only the Chorus/One feed was hit. Validator sets, user deposits, and the protocols other oracles remain intact, at least according to Lido.

Even so, the addresss funds are gone, and the compromised key cannot be trusted. Chorus/One is spinning up a replacement server under a fresh key pair, while Lidos vote will rotate the oracle slot to restore the protocols redundancy.

Advertisement

Related: 11 Mainnet Improvements Made in Ethereums Biggest Upgrade Since the Merge

Chorus/One blamed the incident on an exposed hot wallet, adding that a forensic review is under way to confirm exactly when and how the credentials leaked. Until new infrastructure is live, the firm has frozen the affected signer and revoked its permissions.

The episode is a classic reminder that DeFi attacks extend far beyond onchain code. Oracles bridge external data into smart contract systems; if a single operator mishandles keys, millions in collateral can slip away in minutesregardless of how robust the underlying protocol is.

Not just projects, but infrastructure and cold wallets, and pretty much everything connected to the internet can be in danger. Even Ledger, one of the most sound safety devices, has had to warn its customers about a new phishing scheme to defraud users.

Security firm Hacken estimates more than US$2B (AU$3.12B) in crypto was stolen through hacks, scams, and code exploits in the first quarter of 2025. Roughly US$1.5B (AU$2.18B) of that came from the Bybit breach in February, but April alone still saw over US$357M (AU$557M) vanish across smaller incidents.

Related: Adidas Teams Up with Xociety for Limited-Edition Sui NFT Mystery Boxes

Advertisement