Golden Finance reported that InfStones, a key node operator of Lido Finance, will temporarily withdraw its Ethereum validator from the liquidity staking protocol and implement key rotation in response to a major vulnerability disclosed by dWallet Labs security researchers. The vulnerability is related to the open source library Tailon, which was reported to InfStones in July 2023 and has now been resolved. Lido Finance confirmed that the vulnerability is related to potential root-level access affecting 25 InfStones validator servers. However, Lido clarified that there is no evidence that this issue has led to any key leaks or exploits. dWallet Labs claimed in its security report that the vulnerability could cause security vulnerabilities that affect ETH staked on Lido through InfStones nodes. Therefore, the company recommends rotating validator keys for all nodes that may be exposed to the vulnerability.
