Lido node operator to rotate keys after security firm flags vulnerability

Lido node operator to rotate keys after security firm flags vulnerability

By Benson Toti - min read
Lido Finance to discontinue its products on Polygon starting Dec. 16
  • InfStones, a Lido node operator, will rotate its validator keys followng a vulnerability disclosure by blockchain security firm dWallet Labs.
  • The vulnerability was acknowledged by Lido, which said its security team was working with the node operator to assess the scope and potential impact.

InfStones, a blockchain infrastructure provider and one of the key node operators for liquid staking protocol Lido Finance, will look to address a recent vulnerability issue by rotating its validator keys.

The platform is expected to take the security step by temporarily withdrawing its Ethereum validators from Lido. 

Why is InfStones taking this security measure?

InfStones’ move follows the discovery of a security threat connected to the open-source library Tailon in July, and which was disclosed by researchers at blockchain security platform dWallet Labs.

That chain of vulnerabilities at InfStones that put over $1 billion worth of assets at risk. The dWallet Labs team disclosed this to the Lido node operator to allow for remediation, Elad Ernst, cybersecurity researcher at dWallet Labs wrote on X.

Lido Finance acknowledged the vulnerability, noting the potential for an impact on 25 of InfStones servers.

Lido contributors are now actively working with the Node Operator on investigating the incident to understand its full scope and potential impact,” the platform said in an update.

However, the protocol’s security team clarified that there had been no indication that keys had leaked or been compromised. The vulnerability was also unlikely to have impacted Lido Finance validators.

While InfStones notes that its keys have not been compromised, it has decided to transition to new keys. To continue with operations and to ensure stability of the liquid staking protocol, InfStone will redirect staked Ether (ETH) to Lido for re-staking.

Lido is the largest liquid staking platform on Ethereum, with more than $18 billion in total value locked (TVL) as of November 23