Chaos Labs, a key oracle infrastructure provider, disclosed a suspected nation-state cyberattack over the weekend that forced it to trigger its highest-severity incident response and rotate all operational keys. While the company confirmed its core oracle network was not breached, the incident has accelerated a broader shift in decentralized finance (DeFi) as several projects move to alternative oracle solutions.
Founder and CEO Omer Goldberg stated that the attack was detected on operational wallets used for routine on-chain activity and never reached the fully isolated Chaos Oracle Network. “The surface area was strictly contained to operational wallets,” Goldberg said, adding that the network is “protected by layered security and cryptographic controls.” After the initial detection, Chaos Labs moved into a full lockdown and has seen no further suspicious activity since.
Authorities and cybersecurity professionals working with Chaos Labs described the methods as consistent with nation-state attacks, though no specific country was named. The incident comes amid heightened scrutiny of North Korea-linked hacking groups, which blockchain investigators say stole at least $578 million in crypto during April alone. Pyongyang has denied involvement.
The attempted hack followed a turbulent period for oracle security. In April, a misconfigured Chaos Labs oracle caused roughly $26.9 million in liquidations on Aave after wrapped staked Ether collateral was undervalued by 2.85%. That event, combined with ongoing governance disputes, led Chaos Labs to end its three-year risk management mandate with Aave, citing unclear legal liability for risk managers.
In the wake of the latest incident, multiple protocols announced migrations. Borrowing platform Tydro is moving to Chainlink’s oracle infrastructure, while Solv Protocol is shifting parts of its cross-chain setup from LayerZero to Chainlink. Kelp DAO, still recovering from an April exploit tied to its rsETH token, has also begun migrating its restaking token to Chainlink oracles. These moves signal a growing loss of confidence in alternative providers, even as Chaos Labs insists its core systems remained secure.
