Lido Finance, the leading liquid staking protocol, has announced the temporary suspension of deposits to the ZKsync Era wstETH bridge after identifying a potential security flaw in the endpoint contract. The proactive measure was taken to safeguard user assets, though the protocol team confirmed that there is currently no evidence of any exploitation. This incident highlights the ongoing security challenges faced by cross-chain infrastructure within the decentralized finance (DeFi) ecosystem.
Impact Assessment and Security Measures
The technical team at Lido clarified that the vulnerability is isolated specifically to the ZKsync bridging endpoint contract. Other bridging solutions and integration points managed by the DAO remain fully operational and secure. Current holders of wstETH (wrapped staked Ether) on the ZKsync network are not at risk, and the functionality of the token within the Layer-2 environment remains intact.
- Ongoing token transfers within the ZKsync network are fully functional.
- Withdrawals from the ZKsync bridge to the Ethereum mainnet remain operational.
- New deposits to the ZKsync bridge are the only service currently restricted.
The decision to maintain withdrawal functionality indicates that the vulnerability likely relates to the deposit intake or minting logic rather than the underlying collateral vault.
Resolution Timeline and Governance Actions
A technical fix for the vulnerability has already been developed by Lido's contributors. However, in accordance with the protocol’s commitment to security and decentralized oversight, the patch must undergo a rigorous security audit before deployment. The implementation of the fix is scheduled to coincide with the next Lido governance multi-sig vote, which is expected to occur between late March and early April 2026.
"The fix will be audited and deployed through the next scheduled on-chain Lido governance multi-sig vote, after which deposits will resume."
The protocol maintains a high level of transparency regarding its smart contract security protocols. By utilizing the existing governance schedule, Lido ensures that the update is processed through standard decentralized procedures, preventing unauthorized or rushed changes to the core code. Investors and liquidity providers are advised to monitor official Lido communication channels for the specific date of the deposit resumption, while Ethereum staking operations on the mainnet continue to function without interruption.
Frequently Asked Questions
Quick answers to the most common questions about this topic.