On March 4th, it was reported that the Ethereum liquidity staking protocol Lido Finance recently announced that it has suspended new bridging deposits due to a potential security vulnerability found in the wstETH bridge contract endpoint on its ZKsync network. Lido stated in a notice that there are no signs of the vulnerability being exploited so far, and assets held by wstETH holders on ZKsync remain unaffected. Withdrawal and token transfer functions are still operating normally. This suspension is a precautionary measure aimed at reducing potential risks.
The issue involves the wstETH bridge contract endpoint on the ZKsync network. This smart contract is responsible for transferring staked ETH between the Ethereum mainnet and the ZKsync Layer 2 network. Although Lido has not disclosed specific technical details of the vulnerability, it has activated an emergency multi-signature mechanism to temporarily restrict bridging deposits to prevent potential attack vectors.
ZKsync is the fifth Layer 2 integration deployed by Lido. The bridging solution was developed jointly by Lido, Matter Labs, and txSync, with the goal of establishing a standardized cross-chain wstETH bridge contract. The wstETH bridging feature on ZKsync was launched in January 2024, following approval through governance voting by Lido DAO.
Lido stated that a fix for the vulnerability has been developed, but due to the protocol’s decentralized governance model, the patch must be reviewed and deployed through the next on-chain governance proposal. The current schedule estimates that the governance vote will take place from late March to early April 2026. Until the fix is officially implemented, the new bridging deposit function will remain suspended.
For DeFi users, this process reflects the security mechanism of decentralized governance and also indicates that the repair progress depends on on-chain voting coordination. Historical experience shows that upgrading or fixing vulnerabilities in DeFi protocols often takes a considerable amount of time to complete the community governance process.
In the market, related tokens have experienced short-term pressure. Lido’s governance token LDO dropped over 3.5% in the past 24 hours, trading around $0.305; meanwhile, ZKsync’s native token ZK also declined more than 3.1%, trading near $0.018. However, analysts note that both tokens were already in a downward trend before the announcement, and the security incident has further intensified market caution.
It is worth noting that Lido currently controls about one-third of the staked ETH on the Ethereum network, making it the largest single staking service provider. Therefore, even potential security risks could have spillover effects on the entire Ethereum staking ecosystem. Currently, Lido has confirmed that the withdrawal function for wstETH on ZKsync remains operational and user assets are not directly threatened.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Solana non-USD stablecoin user count has grown nearly threefold year over year, with EURC and BRZ leading the way
The number of independent senders of non-USD stablecoins on the Solana chain has grown nearly threefold year over year, driven mainly by the euro stablecoin EURC and the Brazilian real stablecoin BRZ. Solana’s technical advantages have attracted the integration of multiple payment providers, reflecting a rising market demand for cross-border payments on high-throughput blockchains.
GateNews38m ago
Drift Protocol suffers losses of about $280 million from a new type of attack, and management control is taken over
Drift Protocol recently suffered a complex attack. Malicious actors used the durable nonce technology to obtain unauthorized administrative privileges, resulting in approximately $280 million in funds being withdrawn. The investigation found no program vulnerabilities; it may involve social engineering. Drift has frozen protocol functionality and updated the multisig to protect assets.
GateNews1h ago
USD.AI launches a token with a “non-transferable” trap; CHIP claims are open but trading is impossible
USD.AI has opened claims for the token CHIP, but trading is still not possible, which does not match the settlement standard “issue tokens” for prediction markets, resulting in settlement being “No.” The agreement is led by Framework Ventures, and although it has market momentum, there are risks in the lending model and team background that need to be assessed. The official listing date will be key to pricing.
MarketWhisper2h ago
March DEX total trading volume fell to $20.2 billion, and Solana DEX trading volume hit the lowest level since September 2024.
Gate News message, April 2, Defillama data shows that in March 2026, the total DEX trading volume was $202.0 billion, nearly dropping back to the $251.3 billion level from March 2025. During the same period, Solana DEX trading volume was about $57.3 billion, falling to its lowest level since September 2024.
GateNews3h ago
XRP Today News: New OCC regulations take effect, speeding up Ripple’s banking license process
The U.S. Office of the Comptroller of the Currency (OCC) issued Bulletin 2026-4, effective April 1, providing a clear regulatory path for Ripple’s national trust bank and allowing it to operate after meeting the conditions to open for business. This bulletin replaces “fiduciary activities” with “the operations of a trust company,” expanding the organization’s service scope, including digital asset custody services. Ripple’s regulatory status has undergone a significant transformation, and in its application for a licensed institution, it seeks a Federal Reserve master account, focusing on the growth and challenges of the digital asset market.
MarketWhisper3h ago
DeFi platform Drift was hacked on April Fools' Day! The hacker drained $270 million in assets, with the administrator key being the vulnerability.
Drift Protocol suffered a major security incident on April 1, with losses exceeding $270 million, and TVL dropped sharply within 12 minutes. The investigation shows the attackers began deploying three weeks earlier, using forged tokens and an administrator key vulnerability to carry out manipulation, resulting in large-scale withdrawals of funds. The incident dealt a severe blow to market confidence, and Drift is seeking to recover the funds and strengthen its security protections.
CryptoCity4h ago
