Vulnerability Disclosure Prompts InfStones to Rotate Validator Keys
InfStones, a crucial node operator affiliated with Lido Finance, is poised to temporarily remove its Ethereum validators from the liquid staking protocol.
In response to a substantial vulnerability uncovered by security researchers at dWallet Labs, the operator plans to execute key rotations as a proactive security measure.
InfStones was informed of the vulnerability associated with the open-source library Tailon in July 2023, and the issue has been successfully addressed since then.
According to dWallet Labs, a hacker exploiting this vulnerability would have had the capability to obtain the private keys of validators across various blockchain networks, potentially leading to losses equivalent to over $1 billion in cryptocurrencies such as Ether and BNB.
“Over one billion dollars of staked assets were staked on all of these validators, and such an attacker would have been able to gain full control of all of them,” the security firm said.
Lido, the largest liquid staking protocol on Ethereum, manages over 9.23 million Ether, boasting a market value surpassing $19 billion. Lido protocol empowers users to deposit ETH and engage in network staking via validator nodes, with the validator nodes then issuing derivative tokens to users which serve as a representation of their staked deposits.
A cadre of contributors, referred to as operators, bears the responsibility of operating these ETH validator nodes. They furnish the essential IT infrastructure and servers indispensable for the seamless functioning of the nodes.
Lido Finance verified that the vulnerability was tied to potential root-level access, affecting 25 of InfStones’ validator servers. Luckily, the company also noted that there was no evidence of any key leakage or
Read more on cryptonews.com
