Ethereum 2.0 detected a dangerous bug

With it, node operators may be able to steal user funds

08.10.2021 - 09:55

408

1 min

What's new? On Twitter, Stake Wise posted news about the discovery of a critical bug in Ethereum 2.0 protocols called Lido and Rocket Pool. According to the co-founder of the service Dmitry Tsumak, there is a serious risk of the funds’ theft.

1/ Last night around 7PM UTC, our founder Dmitri Tsumak (@tsudmi) discovered a severe vulnerability in @Rocket_Pool that could lead to the theft of users’ funds if exploited. Upon further examination, it became apparent that @LidoFinance's architecture was also affected. https://t.co/xlpZMYkFMe— StakeWise (@stakewise_io) October 5, 2021

What consequences can be there? This vulnerability allows validators and operators of Ethereum 2.0 nodes to take over users' assets. Lido representatives believe that about $71 million is already under threat, however, in their opinion, node operators will not use this bug, because they represent “respected and ethical companies”.

When will the bug be fixed? Currently, Lido has limited stacking limits for operators, and Rocket Poll has reported testing new methods for bug fixing in collaboration with Sigma Prime auditors. Preliminary verification results may be available by October 18.

Author: