- InfStones, a key node operator for Lido Finance, plans to rotate validator keys due to a security vulnerability linked to the open-source Tailon library.
- The vulnerability impacted less than 0.1% of InfStones’ systems, specifically 25 validator servers, with no evidence of key leakage or exploitation.
- A crypto whale invested in 2 million $LDO tokens, leading to significant market activity, including borrowing from Aave to purchase more LDO.
InfStones, a prominent blockchain infrastructure provider and key node operator for Lido Finance, a leading liquid staking protocol on Ethereum, has announced plans to rotate its validator keys in response to a recently identified security vulnerability. This proactive measure follows the discovery of a security threat linked to the open-source library Tailon, which was reported by dWallet Labs’ security researchers in July 2023.
The vulnerability, which raised concerns about potential root-level access, was found to impact 25 of InfStones’ validator servers. However, Lido Finance has clarified that there is no evidence of key leakage or exploitation due to this issue. Despite this assurance, the incident has prompted InfStones to undertake significant security precautions.
Lido Finance, overseeing 9.23 million ether with a market value exceeding $19 billion, allows users to deposit ETH and participate in network staking. Validator nodes, operated by a network of contributors like InfStones, issue derivative tokens representing users’ staked deposits.
InfStones has stated that the vulnerability affected less than 0.1% of its systems, specifically through a network port associated with Tailon. The company emphasized that the issue was confined to a small portion of its infrastructure, affecting only a fraction of its live nodes.
In response, InfStones has agreed to exit its validators and transition to new keys, subject to governance approval. Key rotation, in this scenario, involves InfStones updating its Ethereum validators’ cryptographic keys to bolster security following the vulnerability discovery. The ether previously staked on the potentially affected validators will be redirected to the Lido protocol for re-staking, ensuring the continuity and stability of the service.
Amidst this backdrop, blockchain analytics platform Lookonchain reported a significant investment activity in Lido’s native token, LDO. A cryptocurrency whale has been identified as having purchased a total of 2 million LDO, valued at approximately $3.6 million, since October 2. This investment has yielded a profit of around $1.4 million at current prices. Furthermore, the whale has deposited all 2 million LDO, equivalent to $5 million, into the Aave platform and borrowed 1.56 million USDT to acquire more LDO.