Lido discloses a security incident involving Ethereum node operator Numic, which did not affect user funds
ChainCatcher message, Lido released a disclosure regarding the security incident involving Ethereum node operator Numic. On May 14, Lido DAO contributors became aware of a security vulnerability that affected active node operators using Lido on the Ethereum protocol (Numic).
The security vulnerability occurred a few days ago, affecting a developer's machine that had access to the backup of the mainnet validator's cryptographic key materials. It is currently unclear whether the encrypted key materials were accessed, copied, or otherwise manipulated, nor is it known whether the decryption materials for that data were discovered or if the encryption was compromised.
In response to the identification that the encrypted backup may have been accessed, and for security reasons, the node operators decided to: set the deposit keys associated with the Lido protocol to zero to avoid receiving any further deposits; and to voluntarily exit all potentially affected keys in a staggered manner over the next few days.
As of a few hours ago, all operators' validators have exited (and fully withdrawn). This incident did not affect the operation of the validators, nor did it impact user funds.