Earlier today, one of Lido’s oracle signing keys, operated by Chorus One, was compromised. What does this mean? () Most importantly: The oracle isn't a multi-sig. It doesn’t custody funds and cannot drain the protocol. No user deposits were ever at risk. So, what exactly is this oracle for? Lido uses a 5-of-9 oracle to report Ethereum consensus layer state to Ethereum execution layer smart contracts. Basically, it informs the Lido contracts how much validators earned for users that day, whether any slashings occurred, etc. What's the worst-case scenario? If the entire oracle were compromised, it could misreport the consensus layer state, causing stETH to slightly rebase in either direction. However, the impact is significantly limited, as the Lido protocol strictly bounds what oracle updates it accepts. You might have heard the attacker stole 1.4 ETH. True—but this was gas money sitting in the compromised account, unrelated to the protocol. Due to how the oracle aggregates reports from multiple signers, compromising even four keys wouldn't affect the final outcome. Even with five or more, the potential damage is tightly bounded. The fact that CL state isn't directly available on the EL is a known Ethereum limitation all staking pools face. Actually, this is a perfect example of how Lido approaches security—actively hardening all external dependencies. Not only does Lido have tight sanity checks on allowed updates, but next year the entire mechanism will transition to a ZK proof. ( For more details on today's incident, technical insights into Lido’s oracle design, and what makes our security culture stand out, check out Izzy’s thread as well: