Follow up to Yielding Yellowthroat Incident Report
As mentioned previously, on August 24th, it came to the attention of SDVT coordinators that narko2t1 from the SDVT Yielding Yellowthroat Obol cluster had an address compromised (the Individual Manager address, which was the same as the Rewards Address) as a result of the participant having their password manager compromised, with multiple addresses being drained.
Cluster participants from the Yielding Yellowthroat cluster then coordinated to utilize voluntary exits to trigger exits for the cluster’s 80 active validators, all of which have now exited.
Following the incident, a discussion was opened with the cluster participants and the Lido Node Operator Subgovernance Group about whether narko2t1 should continue to participate as a member of the Yielding Yellowthroat cluster. The other cluster participants and LNOSG agreed that narko2t1 should continue to participate as a member of the cluster, taking greater care to limit exposure of his Simple DVT addresses and to use a cold wallet.
Conclusion
An Easy Track is expected this week to re-create the rewards splitter contracts, and the cluster will coordinate to add narko2t1’s new address to the multisig and reform the cluster via DKG.