Lido node operator InfStones withdraws Ethereum validator node, updates keys to prevent security vulnerability
Lido Finance's primary node operator, InfStones, recently faced a security issue. Following the disclosure of a major vulnerability by dWallet Labs security researchers, the company decided to take decisive actions: temporarily withdrawing its Ethereum validation nodes and implementing key rotation to address the security threat.
1/5 Pertaining to our recent disclosure https://t.co/WFrGgMNiIe as a proactive measure out of an abundance of caution and safety, we have decided, with full support from @LidoFinance, to rotate Lido ETH keys voluntarily. This will not affect our regular services to our customers.
— InfStones Global (@InfStones) November 24, 2023
Lido Node Vulnerability Disclosure and Initial Response
Vulnerabilities and Solutions in the Open Source Repository Tailon
dWallet Labs issued a warning to InfStones in July 2023 about a vulnerability in the open-source code repository Tailon, which has been promptly addressed, leading to the implementation of a series of preventive security measures.
Lido Finance, the largest liquid staking protocol on Ethereum with over $19 billion worth of ETH under management, allows users to deposit ETH to participate in a network of operator-run validation nodes and earn corresponding derivative tokens.
Lido Finance Clarification: SAFU
Actively Ensuring User Asset Security
Lido Finance confirmed that the vulnerability may be related to root-level access permissions, impacting 25 InfStones validation node servers. However, Lido emphasizes that there are currently no signs of key leakage or abuse. To further safeguard user assets, dWallet Labs recommends rotating verification keys for all nodes that may be affected by the vulnerability.
To clarify: There is currently no indication of key leakage or compromise, and the vulnerability may not affect validators related to the Lido protocol.
— Lido (@LidoFinance) November 22, 2023
InfStones Response and Follow-Up Actions
InfStones has ensured network integrity
InfStones stated that the affected systems represent less than 0.1% of its overall infrastructure. The company has agreed to voluntarily withdraw its validation nodes and transition to new keys pending approval from Lido Finance governance. This is done to ensure the continued stable operation of the Ethereum network and safeguard user assets.