TechFlow news: Lido's official Twitter account announced that within the past 24 hours, contributors to the Lido DAO discovered a vulnerability affecting InfStones, an active node operator for Lido on Ethereum. This vulnerability had been exploited at certain times over the past few months. The issue was originally disclosed to InfStones in July 2023 by security researchers from dWallet Labs.
The node operator has declared the vulnerability resolved. It involved potential exposure of root-level access to 25 validator servers to external attackers who may have no relation to the Lido protocol, possibly including access to critical materials. It remains unclear whether servers and/or keys associated with Lido validators were included in the affected systems. There is currently no evidence indicating that any keys were compromised due to this vulnerability. However, as a precautionary measure, InfStones voluntarily exited all validators and rotated to new keys, pending DAO approval. All ETH from the exited validators will flow back into the Lido protocol through the withdrawal process and will subsequently be re-staked using available keys in the buffer.




