Ethereum staking crisis! Security vulnerability affects Numic, the Ethereum node operator for Lido DAO

On May 14th, contributors to Lido DAO discovered a security vulnerability affecting active node operator Numic using the Lido protocol. The security breach occurred a few days ago and impacted a developer machine with access to encrypted backup keys for the mainnet validator. It is currently unclear if these encrypted keys were acquired, duplicated, or otherwise manipulated, and whether any decryption material has been found or if the encryption has been compromised.

Response Measures by Node Operators

Stop Accepting New Deposits

Lido stated that as a precautionary measure and in response to the possibility that encrypted backups may have been accessed, the node operator has decided to set its deposit key related to the Lido protocol to zero to avoid receiving any new deposits.

Proactively Remove Affected Keys

In the coming days, the node operator will proactively remove all potentially affected keys in batches. As of a few hours ago, all validators of the operator have exited and fully withdrawn. The incident has not impacted validator operations, and user funds remain unaffected.

Lido DAO: Comprehensive Investigation

Some contributors of Lido DAO have participated in assisting the node operator in investigating this incident to understand its full scope and potential impacts. To avoid unnecessary attention before the validators are fully withdrawn, this information was not immediately disclosed.

Security Review and Future Decisions

The node operator is undergoing a more comprehensive security and backup process review, and discussions within Lido DAO may take place regarding whether the operator should continue to retain.