Chaos Labs: Oracle network intact after wallet attack

Chaos Labs reported that its Chaos Oracle Network was not breached after a weekend hacking attempt that targeted the company’s operational wallets. The firm locked systems, rotated keys and opened an investigation after detecting the activity.

Founder Omer Goldberg wrote on X that the company identified the activity over the weekend and immediately enacted a full lockdown.

Goldberg wrote, “The surface area was strictly contained to operational wallets we use for routine onchain operations. At no point was the Chaos Oracle Network breached or compromised.” He added that the oracle nodes run in an isolated environment with globally distributed nodes, layered security and cryptographic protections.

Authorities and outside cyber professionals working with Chaos Labs have characterized the activity as consistent with nation-state attacks. The company reported no further suspicious activity since the weekend and said it has rotated all keys.

Chaos Labs activated its “highest-severity incident response” in light of several high-profile exploits in April. Those incidents involved Kelp DAO, Drift Protocol and at least a dozen other crypto entities, events that disrupted lending markets and prompted many protocols to review their risk and infrastructure providers.

Following recent incidents, several crypto firms have moved or announced plans to move oracle and cross-chain services to Chainlink. Borrowing platform Tydro plans to migrate to Chainlink after the Chaos Labs attempt. Kelp DAO is moving its restaking token rsETH to Chainlink and has attributed its losses to LayerZero’s cross-chain infrastructure, a claim LayerZero disputes. Solv Protocol has also signaled plans to migrate its cross-chain setup to Chainlink.

Analysts and investigators have linked North Korea-affiliated actors to multiple thefts, with accusations that at least $578 million was taken across incidents in April. North Korea has denied involvement in those cybercrime allegations.

Goldberg noted the company allocates a substantial share of its operating budget to cyber defense, alerting and detection. Chaos Labs said it is cooperating with law enforcement and external cyber specialists while reviewing forensic evidence.

The company reported no service outages for end users and stated its core oracle feeds remained intact. Chaos Labs said it will provide further updates as investigators allow.