Chaos Labs Responds to Suspected Cyberattack
Chaos Labs has taken proactive measures to secure its operations following a suspected cyberattack, likely orchestrated by a government-backed entity. This incident prompted the firm to immediately implement a lockdown of its systems, as detailed by founder and CEO Omer Goldberg in a statement shared on the social media platform X on May 8. During a routine surveillance of operational wallets intended for on-chain activities, the team detected unusual activity that raised alarm bells.
Security Measures and Investigation
Goldberg reassured stakeholders that, despite the incident, the Chaos Oracle Network itself remained untouched and operates within a fully isolated environment, enhanced by globally distributed nodes and multi-layered cryptographic protections. Following the detection, Chaos Labs has rotated all relevant security keys and claims to have found no further signs of suspicious activity beyond the initial alert.
The ongoing investigation into this event has suggested to cybersecurity experts and relevant authorities that the nature of the attack is consistent with techniques typically employed in nation-state operations. Details surrounding the involvement of North Korean hacking groups have been noted, especially given their alleged connection to significant cryptocurrency thefts totaling $578 million in April alone. Despite these claims, the North Korean government has consistently denied any participation in cybercriminal activities, labeling such assertions as unfounded.
Previous Incidents and Partnerships
This attack comes on the heels of a notable incident involving Chaos Labs tied to decentralized finance (DeFi) earlier this year. In April, a misconfigured oracle that the company provided led to approximately $26.9 million in liquidations on the Aave platform due to erroneous price data affecting collateral valuations. Reports indicated that a miscalculation undervalued wrapped staked Ether collateral by roughly 2.85%, impacting over 34 financial positions before corrective measures were enacted. Ultimately, both Aave and Chaos Labs have committed to compensating those affected without creating debt troubles for the protocol.
Amidst rising tensions and accountability regarding oracle functions, Chaos Labs announced in April its decision to terminate a three-year risk management partnership with Aave. This decision stemmed from disagreements over decentralized financial risk protocols and concerns related to legal liabilities for risk managers in large DeFi frameworks. Chaos Labs emphasized that existing entities making risk-related decisions do not possess adequate regulatory safeguards in the event of technical failures.
Industry Reactions and Changes
The fallout from the attempted breach has prompted numerous other DeFi projects to reassess their reliance on specific oracle infrastructure. Notably, the lending protocol Tydro has decided to transition to Chainlink’s oracle services. Similarly, Kelp DAO, which previously experienced a major exploit attributed to its rsETH infrastructure, is moving its restaking token services to Chainlink after disputing claims around LayerZero’s cross-chain infrastructure. Solv Protocol has also revealed plans to shift segments of its cross-chain connections from LayerZero to Chainlink in light of recent security concerns surfaced across the industry.
