Chaos Labs has said its oracle infrastructure remained secure after what the company described as a possible nation-state cyberattack that triggered emergency security measures over the weekend.
Summary
- Chaos Labs said its oracle network was not compromised during a suspected nation-state cyberattack.
- The company rotated all operational keys after triggering its highest severity incident response over the weekend.
According to Chaos Labs founder and CEO Omer Goldberg, the company moved into a full lockdown immediately after detecting suspicious activity tied to operational wallets used for routine on-chain functions.
In a May 8 statement shared on X, Goldberg said the attack never reached the Chaos Oracle Network itself, which he described as operating in a fully isolated environment with globally distributed nodes protected by layered cryptographic security systems.
Goldberg stated that Chaos Labs has rotated all keys connected to the incident and has not identified any additional suspicious activity since the initial detection.
“The authorities and cyber professionals working with us have characterized the activity as consistent with nation-state attacks. The investigation continues, and we will share more as it allows,” he said.
North Korea-linked hacking groups have remained under scrutiny across the crypto sector following several major exploits this year.
Blockchain investigators and cybersecurity firms have connected North Korean actors to at least $578 million in crypto thefts during April alone, while Pyongyang has publicly denied involvement in global cybercrime operations and called such accusations unfounded.
Oracle security returns to focus after recent DeFi exploits
The attempted breach surfaced weeks after Chaos Labs became tied to one of the most closely watched DeFi security incidents of 2025.
In April, a misconfigured oracle linked to Chaos Labs triggered roughly $26.9 million in liquidations on Aave after incorrect pricing data pushed several leveraged positions below required collateral thresholds.
Post-mortem reports from Chaos Labs and external researchers said the issue undervalued wrapped staked Ether collateral by around 2.85%, affecting at least 34 positions before parameters were corrected.
Aave and Chaos Labs later said affected users would be reimbursed and confirmed the incident did not create bad debt for the protocol.
Tensions surrounding Oracle accountability had already intensified before the latest attempted hack.
Chaos Labs announced in April that it was ending its three-year risk management mandate with Aave, citing disagreements over how decentralized finance risk should be handled and raising concerns about undefined legal liability for risk managers operating large-scale DeFi systems.
At the time, Chaos Labs warned that firms responsible for protocol-wide risk decisions lacked clear regulatory protections if automated systems malfunctioned.
The exit added to governance disputes already unfolding inside Aave, where Aave Chan Initiative and BGD Labs had also disclosed plans to step back from their roles amid disagreements over budgets, roadmap control, and DAO governance structure.
Recent attacks across decentralized finance protocols have pushed several projects to reassess their infrastructure providers.
Borrowing protocol Tydro said it is migrating to Chainlink’s oracle platform following the attempted attack involving Chaos Labs.
Kelp DAO, which suffered a major exploit in April connected to its rsETH infrastructure, has also started migrating its restaking token to Chainlink oracle services. Kelp DAO continues to attribute the exploit to LayerZero’s cross-chain infrastructure, an allegation LayerZero has disputed publicly.
Solv Protocol separately disclosed plans to move parts of its cross-chain infrastructure from LayerZero to Chainlink, citing recent security incidents across the industry.
Be the first to comment