Chaos Labs moves to lockdown after suspected nation-state cyberattack — oracle network said to be untouched
Chaos Labs said it went into “full lockdown” over the weekend after detecting suspicious activity tied to operational wallets, calling the incident a possible nation-state attack. In a May 8 post on X, founder and CEO Omer Goldberg said the company immediately rotated keys linked to the incident and has seen no further suspicious activity.
Goldberg emphasized the attempted breach never reached the Chaos Oracle Network itself. He described the oracle as running in a fully isolated environment, with globally distributed nodes and layered cryptographic protections. “The authorities and cyber professionals working with us have characterized the activity as consistent with nation-state attacks. The investigation continues, and we will share more as it allows,” he added.
The alert comes amid heightened scrutiny of nation-state cyber activity targeting crypto infrastructure. Blockchain investigators and security firms have linked North Korea–aligned hacking groups to at least $578 million in cryptocurrency thefts in April alone, though Pyongyang has denied involvement.
This latest scare follows a high-profile DeFi incident in April that also involved a Chaos-linked oracle. A misconfigured oracle reportedly triggered about $26.9 million in liquidations on Aave after incorrect price data undervalued wrapped staked Ether (wstETH) by roughly 2.85%, pushing at least 34 leveraged positions below collateral requirements. Post-mortems from Chaos Labs and outside researchers confirmed the pricing error and said parameters were corrected; both Aave and Chaos Labs later pledged reimbursements and said the incident did not create bad debt for the protocol.
Tensions over oracle responsibility were already rising: in April Chaos Labs ended its three-year risk management mandate with Aave, citing disputes over decentralized risk handling and warning that firms making protocol-wide risk decisions lack clear legal protections if automated systems fail. The exit compounded governance friction inside Aave, where other contributors including the Aave Chan Initiative and BGD Labs have also signaled plans to step back over budget, roadmap and DAO-control disagreements.
The attempted breach has prompted several DeFi projects to rethink oracle and cross-chain providers. Borrowing protocol Tydro announced it will migrate to Chainlink’s oracle platform. Kelp DAO — which suffered a major April exploit tied to rsETH infrastructure — is moving its restaking token to Chainlink and continues to blame LayerZero’s cross-chain stack for its prior incident (an allegation LayerZero disputes). Solv Protocol also disclosed plans to shift parts of its cross-chain infrastructure from LayerZero to Chainlink citing recent security incidents across the industry.
Chaos Labs says it will continue working with authorities and cybersecurity partners and will provide updates as the investigation permits. For now the firm insists its core oracle network remained isolated and secure despite the operational-wallet breach.
Read more AI-generated news on: undefined/news
