Chorus One Oracle Breach Triggers DAO Emergency Vote as $2B Crypto Hacks Soar in 2025

Key Takeaways: Chorus One’s Lido Oracle hot wallet was breached, resulting in the loss of 1.46 ETH and prompting an emergency Lido DAO vote. Lido confirms its protocol remains fully operational and secure due to decentralized oracle design with a 5-of-9 quorum. The incident adds to the rising trend of crypto-related hacks, with 2025 losses already exceeding $2 billion. A security incident involving the Ethereum staking protocol Lido has raised fresh concerns over oracle vulnerabilities in DeFi. On May 10, Chorus One reported that one of its hot wallets used for Lido Oracle operations was compromised, leading to a swift response from both the operator and the Lido DAO. On May 10, a hot wallet managed by Chorus One that was used to vote in the Lido Oracle was accessed by an unauthorized entity, leading to the transfer of 1.46 ETH. Our team has been working tirelessly, in collaboration with @LidoFinance , to investigate the incident. As a result,... https://t.co/IIAGdBe1pQ pic.twitter.com/ZWpSFJ43VX — Chorus One (@ChorusOne) May 11, 2025 Lido Oracle Compromised, DAO Vote Initiated Chorus One revealed via X (formerly Twitter) that an unauthorized actor accessed a hot wallet linked to Lido Oracle duties, resulting in the transfer of 1.46 ETH (roughly $3,800). Although the stolen amount was relatively minor, the security implications prompted an immediate and coordinated response. Lido Finance, in response to the breach, announced an emergency DAO vote to rotate the compromised oracle. The decentralized oracle system requires five out of nine participants to reach consensus, and the rest of the oracles remain unaffected. The DAO proposal aims to remove the compromised wallet and replace it with a newly secured address. According to Chorus One, the compromised wallet was created in 2021 and intentionally held a low balance, minimizing potential impact. It was not protected by the same security layers used for other sensitive keys in their infrastructure. The company confirmed that its current Lido Oracle key is securely stored in HashiCorp Vault with strict access controls and follows the principle of least privilege. Despite the breach, Chorus One emphasized this was an isolated incident. A full internal audit has revealed no signs of a broader compromise. Validator infrastructure and customer funds are confirmed to be safe. Read More: Manta Network Founder Avoids Lazarus Group Zoom Hack Using Deepfake and Malware Tactic Reinforced Oracle Design Keeps Lido Operational No Stakers Affected, System Integrity Remains Intact Lido’s response has underscored the resilience of its oracle architecture. The protocol operates on a decentralized oracle network, requiring only a 5-of-9 quorum for critical operations. According to Lido’s official statements, the oracle network is functioning as intended, with no indication of software failure or malicious interference beyond the single compromised address. Lido’s Head of Validators, Izzy, noted that even in extreme cases, a breach of a single oracle would only cause delays in stETH rebase updates. While these delays may affect users who engage in leveraged strategies using stETH, the broader network remains stable. The DAO vote to rotate the compromised address is already underway, receiving unanimous support, although it has yet to reach quorum as of May 12. Lido and Chorus One continue to monitor the situation and have committed to transparency as their investigation progresses. $2 Billion Lost to Crypto Hacks in 2025 Alone Incident Highlights Growing Security Challenges in DeFi The Chorus One hack occurs in the midst of a larger wave of cyberattacks that are rocking the cryptocurrency market in 2025. Hacken claims that overall losses from cryptocurrency breaches have already topped $2 billion this year, which is the fourth year in a row that losses have topped $1 billion. April alone saw $357 million in crypto-related thefts, up sharply from the previous month. The largest breach this year remains the $1.4 billion exploit at crypto exchange Bybit, reportedly carried out by the Lazarus Group, a hacking syndicate linked to North Korea. Speaking at the Token2049 conference, Hacken CEO Dyma Budorin stressed the urgency of implementing stronger security standards and thorough code audits across all layers of DeFi infrastructure. He warned that without serious industry-wide reforms, DeFi platforms remain exposed to increasingly sophisticated attackers. Reportedly, the G7 countries are now debating coordinated measures to combat state-sponsored groups’ harmful cyber activity, especially those connected to North Korea. These efforts reflect growing international concern about the intersection of financial systems and digital vulnerabilities. Chorus One’s Security Track Record and Response Chorus One, a well-regarded validator and infrastructure provider, holds ISO-27001 certification—a globally recognized standard for information security management. Still, the hot wallet connected to the attack had a legacy address that hadn’t been hardened under more recent methods. Chorus One did a complete security scan across the whole system following the event and restated its dedication to operational openness. They also reiterated that none of their clients’ assets were at risk. The company has hinted at a postmortem report to be published upon the completion of their ongoing investigation. Early indications suggest the breach was not a targeted attack, but rather an automated exploit that capitalized on legacy infrastructure weaknesses. Read More: FBI Issues Warning: Urgent Call to Block Transactions Linked to Bybit Hack Renewed Scrutiny on Oracle Security Across DeFi This event has reignited a broader conversation about the role and security of oracles in decentralized finance. While oracles are essential for feeding off-chain data to smart contracts, their centralized control points make them prime targets for exploits. Industry leaders emphasize that mitigating oracle-related risks requires not only technical solutions—like quorum-based consensus and key segmentation—but also robust governance models. Lido’s swift DAO vote and operational transparency offer a working example of crisis response, though experts warn that other platforms may not be as prepared. The breach serves as a wake-up call for DeFi protocols to reassess their oracle security, particularly as on-chain infrastructure continues to evolve in scale and complexity. Source: https://www.cryptoninjas.net/news/chorus-one-oracle-breach-triggers-dao-emergency-vote-as-2b-crypto-hacks-soar-in-2025/