Lido Receives Web3SOC Certification for Institutional DeFi Diligence

in Institutional by Lido

Lido has received Web3SOC certification from Cantina, following a point-in-time assessment covering governance, financial resilience, security, and legal and compliance posture. 

Web3SOC exists because traditional diligence frameworks were not designed to assess protocols where governance is onchain, operations are distributed, and technical considerations cover smart contracts, validator infrastructure, and key management. Developed by Cantina, a security firm specialising in DeFi protocol assessment, Web3SOC shares structural principles with SOC 2 and ISO 27001 while covering areas those standards do not reach.

The certification sits alongside stETH's A+ ratings in both Staking Rewards' risk framework and Credora's DeFi ratings framework, giving institutional teams independent, third-party reference points for reviewing protocol, market, and DeFi risk.

 

What The Assessment Covered

Cantina assessed Lido DAO and the Lido protocol across operational, financial, security, and regulatory domains:

  • Operational: governance processes, contributor coordination, and operating practices.
  • Financial: economic design, capital resilience, and related financial controls.
  • Security: smart contract security, application robustness, infrastructure resilience, attack resistance capabilities, and incident response procedures.
  • Regulatory: legal and compliance posture, including relevant institutional considerations.

The report gives institutional teams a structured assessment across each domain, designed to support internal risk, compliance, and counterparty review processes. It is available on request to institutional evaluators and counterparties conducting diligence.

 

What This Means for Institutional Evaluators

stETH already backs a regulated ETP on major European exchanges, is accepted as collateral on institutional venues, and is integrated across leading custody providers, centralized exchanges, and DeFi applications. The teams behind those integrations need consistent, reviewable information about the infrastructure they depend on.

Web3SOC gives those teams a single structured assessment covering all four areas, designed to fit alongside their existing diligence workflows. Instead of assembling information from scattered public materials or running bespoke review processes, teams can work from a single assessment designed for institutional review.

With over $21 billion in ETH staked through the Lido protocol, and stETH increasingly embedded in regulated products and institutional workflows, the diligence record around Lido matters. Web3SOC certification adds a structured, third-party-assessed layer to that record, helping institutional teams review the governance, security, resilience, and transparency behind stETH.

Institutional evaluators can request access to the full private Web3SOC certification report from Cantina.