Chaos Labs discloses it was attacked by a "state-sponsored actor," and Oracle network confirms it was not compromised

According to Cointelegraph, reported on May 8, Chaos Labs founder Omer Goldberg disclosed on X on Thursday that the company detected an attack over the early May weekend initiated by a suspected “state actor,” and has initiated a full-scale lockdown. According to Goldberg’s statement, the Chaos Oracle network was not compromised at any point, and the scope of the attack was strictly limited to the operational wallets used in day-to-day operations.

Attack Details and the Company’s Official Statement

According to Omer Goldberg’s statement on X on May 7, 2026, the scope of this attack was “strictly limited to the operational wallets used for routine on-chain operations,” and the Chaos Oracle network “has never been compromised or damaged.”

Goldberg said that the relevant departments and network security experts working with Chaos Labs have classified the attack activity as a “state-level attack,” and the investigation is ongoing; the company will release more information as things develop. He also added that the company “allocated a large portion of its operating budget to network defense, alerts, and detection.”

Oracle Security Architecture and Post-Incident Remediation Measures

According to Goldberg’s official statement, Chaos Oracle uses a globally distributed node architecture, runs in a fully isolated environment, and is protected by multi-layer security and encryption control mechanisms. Goldberg said that it was this architecture design that ensured the Oracle network maintained normal operation during the attack.

Chaos Labs confirmed that it has completed all key rotations since the attack attempt and said that, given recent industry attack events, the company has initiated a “highest-level incident response” procedure.

Industry Ripple Effects: Multiple Protocols Announce Migration to Chainlink

According to Cointelegraph, after this Chaos Labs security incident, several protocols announced they would migrate their Oracle or cross-chain infrastructure to the Chainlink platform:

Tydro (lending platform): announced that following the Chaos Labs security incident, it is migrating to Chainlink

Kelp DAO: after suffering an attack in April 2026, is moving its re-staked token rsETH to Chainlink; Kelp DAO attributes the attack to LayerZero’s cross-chain infrastructure, while LayerZero denies this

Solv Protocol (decentralized finance platform): citing “recent industry events,” announced plans to move its cross-chain infrastructure from LayerZero to Chainlink

According to Cointelegraph, in April 2026, the Kelp DAO hacker incident was one of the largest security incidents of the year, affecting multiple interconnected crypto lending markets; in the same month, Drift Protocol and more than 12 crypto entities were also attacked.

FAQ

When and how was the attack on the Chaos Labs security incident disclosed?

According to Cointelegraph’s May 8, 2026 report, the attack occurred during the early May weekend; Chaos Labs founder Omer Goldberg publicly disclosed the incident in a post on X on May 7, 2026 (Thursday).

Was the Chaos Oracle network damaged in this attack?

According to Omer Goldberg’s official statement, the Chaos Oracle network was not compromised or damaged throughout the incident; the attack was limited to operational wallets. Chaos Labs has completed all key rotations, and as of May 7, 2026, no additional suspicious activity has been detected.

Why did Tydro, Kelp DAO, and Solv Protocol announce migration to Chainlink at this time?

According to Cointelegraph, Tydro announced the migration citing the Chaos Labs security incident; Kelp DAO and Solv Protocol each referenced the April 2026 industry attack event and “recent industry events,” respectively, and announced that they would migrate the relevant infrastructure to the Chainlink platform.