Lido DAO showcased its decentralised resilience during a security breach regarding a compromised oracle on May 10, 2025. The protocol initiated an emergency rotation, proving how resilient a well-established DeFi platform can be.
The attacker siphoned 1.46 ETH (~$3,800) from Chorus One’s oracle node. While the sum was small, the incident raised important worries. Lido DAO acted speedy separating the node, verifying the rest, and coordinating with Chorus One’s team.
By that evening, published a detailed report and proposed a key rotation. Within 72 hours, 3 oracles Accounting Oracle, Validators Exit Bus, and CS Fee Oracle were all secured under new keys.
Robust Infrastructure
Lido DAO’s design held strong due to its 5-of-9 oracle consensus model. Despite one node being compromised, the system ran uninterrupted. This architecture prevents manipulation unless five oracles are compromised at the same time, a virtually impossible task.
Security design has a significant part to play here. It employs a three-tier key strategy: validator withdrawal cold storage, warm keys protected by HSMs, and hot wallets with low funds. The compromised key was part of the least important tier.
In addition, sophisticated monitoring activated alerts only 47 minutes into the breach. Such rapid detection allowed for swift action, containing the damage and safeguarding protocol integrity.
Lido DAO Governance Triggers Rapid Action
Lido DAO’s community passed Proposal #10037 to replace the compromised oracle. The DAO reduced its typical voting period to 72 hours and added a 48-hour objection period. This enabled a rapid but democratic process.
The governance mechanism included:
- Weighted voting (1 LDO = 1 vote)
- Dynamic quorum (5% of supply)
- Smart contract-based execution
In spite of the urgency, the vote reached 18.9% three times higher than normal. This demonstrates Lido DAO’s community cares about security.
Lido DAO Establishes DeFi Security Standard
Lido DAO was able to maintain ETH’s peg at close to 1:1 and experienced only a 2.4% decline in LDO, which rapidly recovered. The event did not have any impact on validator queues and protocol performance.
Some of the most important security lessons learned were:
- Always restrict key privileges.
- Periodically rotate keys, not only following an incident.
- Implement behavioural analytics to identify unusual signing behaviour.
In comparison to other conventional finance networks such as SWIFT or Fedwire, Lido DAO’s reaction was faster and more open. The complete resolution was received within less than 72 hours.
Lido DAO’s response to this breach is a masterclass in decentralised crisis management. Although the loss was minimal, the recovery demonstrated big-league maturity. With new upgrades on the horizon, such as zk-SNARK oracles and whitehat incentives Lido DAO is developing a future-proof protocol.
