DeFiMay 25, 2026

What You're Actually Trusting When You Stake ETH Into Lido

Lido was founded in 2020 to solve a real problem. After Ethereum transitioned to proof-of-stake, becoming a network validator required locking at least 32 ETH, a threshold that excluded most holders. Lido's solution was elegant: deposit any amount of ETH, receive equivalent stETH tokens that automatically accumulate staking rewards while remaining freely usable within DeFi. It solved both the liquidity problem and the entry barrier, and it solved them well enough that by the end of 2023, Lido controlled 32.3% of all staked ETH on Ethereum.

In traditional finance, when an institution grows large enough that its failure cannot be absorbed by the market in an orderly way, regulators classify it as a systemically important financial institution, meaning its problems are no longer only its own. In 2023, Lido's scale on Ethereum came to reflect a specific number: when it almost touched 33%, it had already become that institution that is too big to fail.

Ethereum's consensus mechanism depends on a broadly distributed validator set. Approximately every 12 minutes, the network needs to reach finality, confirming that a set of transactions is irreversible. This final confirmation requires more than two-thirds of the staked supply to agree. Conversely, if a single entity controls more than one-third, it can prevent that confirmation from being reached, leaving transactions in an unresolved state. This is not a conventional hack. But it is a structural risk that the Ethereum community takes seriously, technically known as a Finality Attack. When this risk materializes, all applications built on Ethereum, including DeFi lending, stablecoins, and NFT markets, would lose transactional reliability during that window. Lido's scale came close to this threshold in 2023.

It is worth noting that Lido does not hold that ETH as a single entity. As of Q4 2025, its staking is distributed across 36 curated node operators. Crossing the one-third threshold does not automatically mean an attack; it would require coordinated action across those operators. But the core question is not about individual operators. It is about the governance layer: who decides which operators participate, continue, or get removed? The answer is Lido's DAO.

The way this DAO functions is worth examining carefully.

Lido's governance is decided by LDO token holders through a one-token-one-vote system. According to Lido's official token distribution announcement, the initial allocation at launch was: DAO treasury approximately 36.32%, early investors approximately 22.18%, early developers approximately 20%, founders and future employees approximately 15%, and validators and signatories approximately 6.5%. This means that before the protocol launched, the majority of LDO had already been distributed to insiders and early institutional investors. As of early 2026, according to on-chain data from Etherscan, the top 100 LDO holding addresses control approximately 79% of total supply. This figure includes the DAO treasury itself, exchange custody wallets, and large early holders, but regardless, it reflects a highly concentrated token holding structure.

The deeper structural issue is the misalignment between LDO holders and stETH holders. Those who govern the protocol are not the same people whose assets are managed by it. Lido DAO holds significant control over core smart contracts, including stETH minting rules, node operator appointments, and a treasury exceeding two hundred million dollars. This resembles the conflict of interest between rating agencies and the investment banks packaging the bonds they rated in 2008: each layer had its own internal logic, producing a misalignment of incentives across the overall governance structure.

Lido passed a dual governance mechanism in June 2025, which is a meaningful upgrade to the governance structure. Under this new framework, any decision passed by LDO holders must go through a waiting period before execution, giving stETH holders an opportunity to express opposition.

The mechanism operates in two layers. The first is a veto signal: if more than 1% of total stETH supply enters a custody contract in opposition, the decision is delayed by up to 45 days. The second is Rage Quit: if opposition exceeds 10% of stETH supply, governance fully pauses until all opposing holders have completed their withdrawals and exited the protocol safely.

In traditional finance terms, this resembles a supermajority protection clause in corporate charters: major shareholders cannot push through significant decisions without giving minority shareholders time to respond. Lido's official governance scorecard currently rates these safeguards as Good. In a June 28, 2025 post, Vitalik Buterin stated that dual governance is not perfect but can resolve some important problems.

The execution threshold for this mechanism is not low. Based on 2026 staking scale, the 10% threshold requires roughly 870,000 ETH, equivalent to more than two billion dollars worth of stETH holders coordinating collectively, which is extremely difficult. The 1% veto threshold is more operationally realistic, but still requires holders with over two hundred million dollars in stETH to act. This mechanism represents real progress, but its practical effectiveness depends on whether stETH holders can form collective action when needed.

stETH's position within the DeFi ecosystem gives this risk picture a more concrete shape.

According to mid-2026 DeFi lending data, liquid staking tokens account for approximately 28% of total DeFi lending collateral, with stETH and wstETH being the dominant components. Aave accepts stETH as collateral with a loan-to-value ceiling of approximately 80%, meaning users can deposit stETH and borrow up to 80% of its value in other assets. This lending structure creates an enormous leveraged network, and one of its most critical stability assumptions is that stETH must maintain a stable exchange rate relative to ETH.

In June 2022, that assumption cracked under pressure. The trigger was the market panic following the Terra/UST collapse in May. Celsius and Three Arrows Capital, two of the largest stETH holders at the time, together withdrew approximately 800 million dollars of liquidity from Curve's stETH/ETH pool, causing severe imbalance in the pool. Because Beacon Chain withdrawal functionality had not yet been implemented, that would not come until Ethereum's Shanghai upgrade in April 2023, stETH holders had no way to redeem stETH for ETH through the protocol. Their only exit was secondary markets. Mass selling under severely constrained liquidity pushed the stETH/ETH ratio on Curve to approximately 0.94, a discount of around 6%. After the Shanghai upgrade enabled withdrawals, arbitrage mechanisms recovered and the discount eventually closed. However, the opening of withdrawals did not fully eliminate this risk.

In July 2025, stETH experienced renewed sustained depegging. The mechanism this time was entirely different from 2022. The trigger was not the absence of withdrawals but a chain reaction in the DeFi lending market. Rising WETH borrow rates on Aave made the then-popular leveraged staking strategy, depositing stETH into Aave to borrow ETH, staking that ETH for more stETH, depositing again in a loop, unprofitable. Users began unwinding these positions in volume, placing heavy sell pressure on stETH. Simultaneously, concentrated exits by major holders including Justin Sun and Abraxas Capital pushed Lido's withdrawal queue to 235,000 stETH, the highest level since withdrawals were first enabled. Glassnode noted that the large withdrawal queue made it impossible for arbitrageurs to redeem stETH for ETH quickly enough to profit from the discount, prolonging the depeg. Lido's market share fell to 25% during this period, a three-year low. This event revealed a deeper structural reality: stETH's peg stability depends not only on whether the withdrawal mechanism is functioning, but also on borrowing rates and liquidity conditions across the broader DeFi ecosystem.

A smaller but structurally noteworthy event in May 2025 added an operational dimension to this risk picture. Lido's oracle system uses 9 independent operators with a 5-of-9 quorum design. When the private key belonging to operator Chorus One was compromised on May 11, the system did not interrupt, no user funds were affected, and Lido completed an emergency DAO vote to rotate the key within hours. The loss was just 1.46 ETH in gas fees. But the compromised key had been created in 2021 and used for four years without being updated to current security standards. In a system managing millions of ETH, this is an observable operational signal: the tension between rapid growth and continuously maintaining security standards across every layer does not resolve itself.

In April 2026, an event of similar character but far greater scale made the DeFi contagion mechanism impossible to dismiss as theoretical.

Kelp DAO's rsETH is a liquid restaking token that was targeted in a bridge attack on April 18, 2026. The attacker exploited a configuration vulnerability in Kelp DAO's LayerZero cross-chain bridge, forging cross-chain messages to mint 116,500 rsETH tokens worth approximately 292 million dollars without any backing. The attacker immediately deposited these unbacked rsETH tokens into Aave V3 as collateral, borrowed large amounts of WETH, and left approximately 196 million dollars in bad debt within the protocol. In the following 48 hours, Aave's TVL fell from 26.4 billion dollars to approximately 17.9 billion dollars. Total DeFi TVL fell from 99.497 billion to 86.286 billion dollars, with more than 13.2 billion dollars evaporating.

Lido's core staking system, including stETH and wstETH, was completely unaffected throughout the event. However, Lido's EarnETH vault had approximately 9% of its assets directly exposed to rsETH, amounting to roughly 21.6 million dollars. Following the event, Lido paused EarnETH deposits and withdrawals and activated a 3 million dollar first-loss backstop funded by the Lido DAO treasury. What that event demonstrated was the contagion mechanism itself, not Lido experiencing the same failure. What it revealed is what happens when a liquid staking token is deeply embedded in DeFi lending infrastructure: 48 hours, 13.2 billion dollars.

These signals have triggered Ethereum Foundation's response.

In September 2025, Vitalik published the Rainbow Staking proposal on the Ethereum research forum. For the first time, it introduced a 25% market share cap for liquid staking protocols at the protocol design level, preventing any single protocol from approaching the consensus safety threshold again. Ethereum Foundation researcher Barnabé Monnot had been developing the conceptual foundations since early 2024; Vitalik's proposal systematized it.

The Ethereum Foundation's actions were more direct. It funded Puffer Finance, a protocol allowing participation in validation for as little as 1 ETH, designed to lower the economic threshold for individual validators and broaden validator distribution. In February 2026, the Ethereum Foundation announced it would deploy 70,000 ETH from its treasury through native staking using open-source infrastructure, demonstrating a decentralized staking path by example.

Rocket Pool reduced its minipool threshold from 16 ETH to 8 ETH through its Atlas upgrade and publicly stated that it would actively limit its own scale if its growth began harming Ethereum's decentralization. Lido advanced its Community Staking Module, with 345 independent operators qualifying by the end of 2025, and each curated node operator now controls less than 1% of total Ethereum stake.

The entire Ethereum ecosystem's decentralization reform is occurring within the same period that Lido's market share declined from 32.3% to approximately 23% by early 2026. This is not coincidence. It is a system recognizing its own risks and actively building buffers.

The 2008 financial crisis taught one enduring lesson: the question was never whether the system could function under normal conditions, but how far and how fast its chain reactions would travel under extreme stress. What the Ethereum community is doing today is building in distributed mechanisms and structural checks during a period of relative calm, a more proactive response than the regulatory reaction that followed 2008. Although actively managing risk and having eliminated risk are two different things, at least Ethereum has recognized the problem and begun to act.

If you stake ETH into Lido today, you are connecting yourself to this entire structure. Your stETH may simultaneously serve as lending collateral, a source of liquidity, and a component of DeFi strategies, embedded into a Web3 financial system whose underlying architecture is far more complex than what is visible on the surface. Understanding this is not meant to influence any decision you make. It is so that you can understand what kind of financial structure you are about to participate in before you decide to enter.