Oracle infrastructure remains intact following suspected nation-state cyber intrusion, Chaos Labs confirms


Following a weekend cyber intrusion suspected to be orchestrated by a nation-state actor, Chaos Labs has confirmed the security of its oracle network, stating that all keys have been rotated and that the breach was limited to operational wallets.

According to Chaos Labs, a provider of infrastructure and risk management solutions for the cryptocurrency sector, its Chaos Oracle Network, which supplies critical data feeds to various blockchain applications, remained uncompromised despite a weekend hacking incident potentially orchestrated by a "nation-state" actor.

In a Thursday post on X, Omer Goldberg, the founder of Chaos Labs, said the organization detected an attack over the weekend, potentially carried out by a "nation state," and immediately initiated a comprehensive lockdown protocol.

"The surface area was strictly contained to operational wallets we use for routine onchain operations. At no point was the Chaos Oracle Network breached or compromised."

According to Goldberg, "Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls."

"The authorities and cyber professionals working with us have characterized the activity as consistent with nation-state attacks," Goldberg explained. "The investigation continues, and we will share more as it allows."

State-sponsored hacking groups, especially those originating from North Korea, have long been recognized as an ongoing threat to the cryptocurrency industry.

Hackers affiliated with North Korea have been implicated in the theft of at least $578 million across multiple significant incidents during April alone and have been connected to numerous large-scale breaches affecting the industry. Recently, North Korea has denied any association with international cybercrime operations, characterizing such accusations as baseless.

According to Goldberg, Chaos Labs has completed the rotation of all cryptographic keys following the attempted intrusion and has not observed any additional suspicious activity since then.

[Image: Omer Goldberg tweet. Source: Omer Goldberg]

Recent industry exploits prompted "highest severity" response

The Kelp DAO security breach in April has emerged as one of this year's most significant security incidents, triggering widespread contagion across the ecosystem and affecting the interlinked cryptocurrency lending market.

During the same month, Drift Protocol, a decentralized cryptocurrency exchange, along with at least a dozen other crypto organizations, fell victim to security breaches.

According to Goldberg, in light of the recent wave of security exploits, Chaos Labs activated its "highest-severity incident response" protocol upon discovering the attempted intrusion.

"We allocate a substantial share of our operating budget to cyber defense, alerting, and detection," Goldberg stated.

Several crypto firms shift to Chainlink

Following the attack on Chaos Labs, lending platform Tydro announced its transition to the Chainlink oracle platform, joining several other cryptocurrency companies that have made similar migrations in recent weeks.

In the aftermath of the April security exploit, DeFi protocol Kelp DAO is transitioning its restaking token rsETH to the Chainlink Oracle platform. The protocol maintains its position that LayerZero's cross-chain infrastructure was responsible for the attack, a claim that LayerZero has contested.

Solv Protocol, a decentralized finance platform, has similarly announced intentions to transfer its cross-chain infrastructure away from LayerZero to Chainlink in "light of recent industry events."
