Crypto Security Breach at Lido DAO Triggers Governance Response

TLDR

• Lido DAO started an emergency vote to rotate a compromised Chorus One oracle
• The exploit drained ETH balance and likely resulted from a hot wallet private key leak
• The issue is restricted to one oracle and is not system-wide
• Cybersecurity remains a critical issue for cryptocurrency and DeFi
• Over $2 billion in crypto was lost to malicious activity in Q1 2025

Lido DAO, the governing body of the Lido liquid staking protocol, has launched an emergency vote to replace a compromised oracle. The security breach affects an oracle operated by Chorus One, which serves as a bridge connecting real-world data to blockchain systems.

According to Lido DAO members, the breach resulted in the draining of Ether (ETH) balance from an address belonging to the Chorus One oracle. The exact details of the incident are still under investigation by the team.

Lido Finance has clarified that this security issue is limited to the Chorus One oracle specifically. The team emphasized that the problem does not affect the entire system and is not related to any coding issues in blockchain oracle software.

Rising Cybersecurity Concerns

Chorus One representatives stated that the exploit likely occurred due to a hot wallet private key leak. To prevent future incidents, the team is setting up a new machine with enhanced security measures.

This security breach underscores the growing need for stronger cybersecurity practices in decentralized finance (DeFi). As financial systems increasingly move to blockchain technology, they present larger attack surfaces for malicious actors.

The incident is part of a troubling trend of security issues in the cryptocurrency space. Cybersecurity firm Hacken released a report detailing the extent of damage caused by various malicious activities in the first quarter of 2025.

According to the report, over $2 billion in cryptocurrency was lost due to hacks, scams, and other cybersecurity exploits during this period. The majority of these losses stemmed from the $1.4 billion Bybit hack that occurred in February 2025.

⚠️ Emergency Lido DAO vote announcement: rotate single Lido Oracle related to compromised Chorus One oracle private key.

Stakers are not affected. The protocol remains secure and fully operational. The oracle system is robust by design, with a 5/9 quorum, and all other…

— Lido (@LidoFinance) May 11, 2025

The report indicates that April 2025 saw $357 million in losses from crypto hacks alone. This represents a major increase compared to the previous month’s figures.

Hacken CEO Dyma Budorin spoke at Token2049 about these issues. He emphasized that the cryptocurrency industry must adopt more thorough cybersecurity measures and code auditing practices to address the ongoing problem of hacks and exploits.

International Response to Threats

The cybersecurity threats facing the cryptocurrency industry have gained attention at the international level. Hacking groups, particularly those associated with North Korea (DPRK), have become so concerning that G7 countries may discuss strategies to counter these threats at their next summit.

The emergency vote initiated by Lido DAO will conclude in several days. In the meantime, the investigation into the cybersecurity compromise continues as team members work to secure the protocol and prevent further damage.

For users of the Lido protocol, the team has assured that the isolated nature of the breach means that broader system functions remain intact. The quick response highlights the importance of governance mechanisms in addressing security incidents within decentralized protocols.

The vote to rotate the compromised oracle represents a proactive approach to security management in DeFi systems, where rapid response can be crucial to maintaining user trust and protocol integrity.