Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Staking liquidity solution Lido Finance discovered a loophole through the Lido vulnerability bounty program, which can be used by whitelisted node operators to steal a small portion of user funds. Approximately 20,000 ETH were exposed to risk at the time of the vulnerability report. At present, the team has taken short-term remedial measures. The white hat for reporting the vulnerability is Dmitri Tsumak, the founder of StakeWise, who is expected to receive the highest reward of the vulnerability bounty program of $100,000. Attack method (per SlowMist): Contract Vulnerability. Reported loss: -.
- chain
- —
- protocol
- Lido Finance
- bug_class
- logic
- date_occurred
- 2021-10-05
- loss_usd
- —
- source_id
- sm:lido-finance::2021-10-05