In response to a vulnerability disclosure by dWallet Labs, blockchain infrastructure provider and Lido node operator, InfStones, is taking security measures to address a recent vulnerability issue. The company has announced that it will be rotating its validator keys as a precautionary step following the discovery of a security threat connected to the open-source library Tailon in July. This decision comes after dWallet Labs revealed a chain of vulnerabilities that could have put over $1 billion worth of assets at risk, prompting InfStones to take proactive security actions.
Although Lido Finance acknowledged the vulnerability and expressed concerns about the potential impact on 25 of InfStones’ servers, it clarified that there is currently no indication of key leakage or compromise. Furthermore, the vulnerability was unlikely to have affected Lido Finance validators.
Despite confirming that its keys have not been compromised, InfStones has decided to transition to new keys and temporarily withdraw its Ethereum validators from Lido as a security precaution. To ensure the stability of the liquid staking protocol, InfStones will redirect staked Ether (ETH) to Lido for re-staking.
Lido Finance, the largest liquid staking platform on Ethereum with over $18 billion in total value locked, is actively collaborating with InfStones to investigate the incident and understand its full scope and potential impact.
These actions are part of InfStones’ commitment to maintaining the security and integrity of the Lido Finance ecosystem, emphasizing the importance of proactive security measures in the rapidly evolving blockchain landscape.
What prompted InfStones to rotate its validator keys?
InfStones made the decision to rotate its validator keys in response to a security threat connected to the open-source library Tailon, which was disclosed by dWallet Labs. This proactive measure aims to address the vulnerability and safeguard the assets within the Lido Finance ecosystem.
Is there any indication of compromise or leakage of keys?
While the vulnerability prompted InfStones to rotate its validator keys, Lido Finance clarified that there is currently no indication of key leakage or compromise. Additionally, the vulnerability is unlikely to have impacted Lido Finance validators.
How will InfStones ensure the stability of the liquid staking protocol during this transition?
To ensure the stability of the liquid staking protocol, InfStones will temporarily withdraw its Ethereum validators from Lido and redirect staked Ether (ETH) to Lido for re-staking. This transition to new keys aims to maintain operational stability and security.