{"id":24699,"date":"2023-11-23T17:31:23","date_gmt":"2023-11-23T17:31:23","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/lido-node-operator-infstones-rotates-keys-to-address-vulnerability\/"},"modified":"2023-11-23T17:31:23","modified_gmt":"2023-11-23T17:31:23","slug":"lido-node-operator-infstones-rotates-keys-to-address-vulnerability","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/lido-node-operator-infstones-rotates-keys-to-address-vulnerability\/","title":{"rendered":"Lido node operator InfStones rotates keys to address vulnerability"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"post-article-image  -mt-24  mb-8  lg:-mt-32  rounded  overflow-hidden\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/05\/1684258464623-c7c4a0b1-8dec-491a-8a79-35a6d02a8358-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/05\/1684258464623-c7c4a0b1-8dec-491a-8a79-35a6d02a8358-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/05\/1684258464623-c7c4a0b1-8dec-491a-8a79-35a6d02a8358-smartcrop-750x375.jpg\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/05\/1684258464623-c7c4a0b1-8dec-491a-8a79-35a6d02a8358-smartcrop-363x181.jpg\" type=\"image\/jpeg\"\/>\n<\/picture>                    <\/div>\n<ul>\n<li dir=\"ltr\">InfStones, a Lido node operator, will rotate its validator keys followng a vulnerability disclosure by blockchain security firm dWallet Labs.<\/li>\n<li dir=\"ltr\">The vulnerability was acknowledged by Lido, which said its security team was working with the node operator to assess the scope and potential impact.<\/li>\n<\/ul>\n<p dir=\"ltr\">InfStones, a blockchain infrastructure provider and one of the key node operators for liquid staking protocol <a href=\"https:\/\/coinjournal.net\/lido-dao\/\">Lido Finance<\/a>, will look to address a recent vulnerability issue by rotating its validator keys.<\/p>\n<p dir=\"ltr\">The platform is expected to take the security step by temporarily withdrawing its <a href=\"https:\/\/coinjournal.net\/ethereum\/\">Ethereum<\/a> validators from Lido.\u00a0<\/p>\n<h2 dir=\"ltr\">Why is InfStones taking this security measure?<\/h2>\n<p dir=\"ltr\">InfStones\u2019 move follows the discovery of a security threat connected to the open-source library Tailon in July, and which was disclosed by researchers at blockchain security platform dWallet Labs.<\/p>\n<p dir=\"ltr\">That chain of vulnerabilities at InfStones that put over $1 billion worth of assets at risk. The dWallet Labs team disclosed this to the Lido node operator to allow for remediation, Elad Ernst, cybersecurity researcher at dWallet Labs wrote on X.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1\/ Our team at <a href=\"https:\/\/twitter.com\/dWalletLabs?ref_src=twsrc%5Etfw\">@dWalletLabs<\/a> discovered a chain of vulnerabilities that could result in a loss of more than $1B in crypto assets. The full article here: <a href=\"https:\/\/t.co\/cUUfevvUQ9\">https:\/\/t.co\/cUUfevvUQ9<\/a> Let&#8217;s take a closer look<\/p>\n<p>\u2014 Elad Ernst (@EladErnst) <a href=\"https:\/\/twitter.com\/EladErnst\/status\/1726921232313090180?ref_src=twsrc%5Etfw\">November 21, 2023<\/a><\/p>\n<\/blockquote>\n<p dir=\"ltr\">Lido Finance acknowledged the vulnerability, noting the potential for an impact on 25 of InfStones servers.<\/p>\n<p dir=\"ltr\">\u201c<em>Lido contributors are now actively working with the Node Operator on investigating the incident to understand its full scope and potential impac<\/em>t,\u201d the platform said in an update.<\/p>\n<p dir=\"ltr\">However, the protocol\u2019s security team clarified that there had been no indication that keys had leaked or been compromised. The vulnerability was also unlikely to have impacted Lido Finance validators.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">To clarify: There is currently no indication of key leakage or compromise, and the vulnerability may not affect validators related the Lido protocol.<\/p>\n<p>\u2014 Lido (@LidoFinance) <a href=\"https:\/\/twitter.com\/LidoFinance\/status\/1727326935708016981?ref_src=twsrc%5Etfw\">November 22, 2023<\/a><\/p>\n<\/blockquote>\n<p dir=\"ltr\">While InfStones notes that its keys have not been compromised, it has decided to transition to new keys. To continue with operations and to ensure stability of the liquid staking protocol, InfStone will redirect staked Ether (ETH) to Lido for re-staking.<\/p>\n<p dir=\"ltr\">Lido is the largest liquid staking platform on Ethereum, with more than $18 billion in total value locked (TVL) as of November 23<\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/coinjournal.net\/news\/lido-node-operator-rotates-keys-after-security-firm-flags-vulnerability\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Bitcoin, Ethereum &amp; Crypto News ) InfStones, a Lido node operator, will rotate its validator keys followng a vulnerability disclosure by blockchain security firm dWallet Labs. The vulnerability was acknowledged by Lido, which said its security team was working with the node operator to assess the scope and potential [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":24700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/24699"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=24699"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/24699\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/24700"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=24699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=24699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=24699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}