Chaos Labs said Thursday its oracle network was not breached after what it characterised as a nation-state attack attempt over the weekend. All operational keys have been rotated. No suspicious activity detected since.
The crypto risk management firm runs an oracle service that feeds pricing data to blockchain applications. Founder Omer Goldberg said the attack surface was limited to operational wallets used for routine on-chain transactions. The Chaos Oracle Network itself, which runs in an isolated environment with distributed nodes and layered cryptographic controls, was not compromised.
Chaos Labs oracle secure despite operational wallet breach attempt
Goldberg said cyber professionals and authorities working with the firm have characterised the activity as consistent with nation-state patterns. The investigation continues. No further detail on attribution was provided.
State-backed hacking groups, particularly those linked to North Korea, have targeted crypto infrastructure repeatedly. North Korean actors were accused of stealing at least $578 million across several incidents in April alone. Pyongyang has denied the allegations, calling them unfounded.
The attempted intrusion triggered what Goldberg described as Chaos Labs’ highest-severity incident response. The firm allocates a substantial portion of its operating budget to cyber defence, alerting, and detection systems.
Recent exploits drive migration to alternative oracle providers
Several crypto platforms have shifted to alternative oracle infrastructure in recent weeks. Borrowing platform Tydro said it is migrating to the Chainlink oracle network following the Chaos Labs attack attempt. DeFi protocol Kelp DAO is also moving its restaking token rsETH to Chainlink after an April exploit that Kelp continues to attribute to LayerZero’s cross-chain infrastructure, a claim LayerZero disputes.
| Platform | Action | Timing |
|---|---|---|
| Chaos Labs | Keys rotated, oracle intact | Post-weekend attack |
| Tydro | Migrating to Chainlink | Recent weeks |
| Kelp DAO | Migrating to Chainlink | Post-April exploit |
| Solv Protocol | Switching from LayerZero | Flagged plans |
Decentralised finance platform Solv Protocol has also flagged plans to migrate its cross-chain infrastructure from LayerZero to Chainlink in light of what it called recent industry events.
April saw heightened exploit activity across crypto sector
The Kelp DAO hack in April was one of the year’s largest security incidents, causing contagion across the interconnected crypto lending market. Decentralised exchange Drift Protocol and at least a dozen other entities were compromised in the same month.
Chaos Labs previously served as a risk provider to lending protocol Aave before stepping back from that role earlier this year, a decision Goldberg said at the time was not made in haste.
Goldberg said there has been no further suspicious activity since the weekend incident. The firm continues to work with authorities on the investigation. No timeline was given for when additional details might be disclosed.
This article is for information purposes only and does not constitute investment advice. Readers should not act on any information contained here without first consulting an authorised financial adviser. Past performance is not a reliable indicator of future results.
