Lido node operator rotates keys after security firm flags vulnerability
InfStones, a Lido node operator, will rotate its validator keys followng a vulnerability disclosure by blockchain security firm dWallet Labs.
The vulnerability was acknowledged by Lido, which said its security team was working with the node operator to assess the scope and potential impact.
InfStones, a blockchain infrastructure provider and one of the key node operators for liquid staking protocol Lido Finance, will look to address a recent vulnerability issue by rotating its validator keys.
The platform is expected to take the security step by temporarily withdrawing its Ethereum validators from Lido.
Why is InfStones taking this security measure?
InfStones’ move follows the discovery of a security threat connected to the open-source library Tailon in July, and which was disclosed by researchers at blockchain security platform dWallet Labs.
That chain of vulnerabilities at InfStones that put over $1 billion worth of assets at risk. The dWallet Labs team disclosed this to the Lido node operator to allow for remediation, Elad Ernst, cybersecurity researcher at dWallet Labs wrote on X.
1/ Our team at @dWalletLabs discovered a chain of vulnerabilities that could result in a loss of more than $1B in crypto assets. The full article here: https://t.co/cUUfevvUQ9 Let’s take a closer look
— Elad Ernst (@EladErnst) November 21, 2023
Lido Finance acknowledged the vulnerability, noting the potential for an impact on 25 of InfStones servers.
“Lido contributors are now actively working with the Node Operator on investigating the incident to understand its full scope and potential impact,” the platform said in an update.
However, the protocol’s security team clarified that there had been no indication that keys had leaked or been compromised. The vulnerability was also unlikely to have impacted Lido Finance validators.
To clarify: There is currently no indication of key leakage or compromise, and the vulnerability may not affect validators related the Lido protocol.
— Lido (@LidoFinance) November 22, 2023
While InfStones notes that its keys have not been compromised, it has decided to transition to new keys. To continue with operations and to ensure stability of the liquid staking protocol, InfStone will redirect staked Ether (ETH) to Lido for re-staking.
Lido is the largest liquid staking platform on Ethereum, with more than $18 billion in total value locked (TVL) as of November 23
The post Lido node operator rotates keys after security firm flags vulnerability appeared first on CoinJournal.