Hey, I wanted to formally inform the hub community that it is completely possible that there are compromised validators on the hub.
Here are some screenshots that can describe the nature of the compromise. This has been confirmed across numerous validators on Luna classic who used Allnodes as a white label provider.
I have also produced a Google document, which will later be made a PDF and hosted on the notional github.
I would like to warn the community that it seems evident that allnodes has a practice of:
- Validating a new chain
- Adding that chain to their orchestration system
- Creating tendermint priv-validator-key.json and seed phrase for their customers
- Providing neither key to their customers unless requested
I think that this underscores the importance of knowing more about validator operator infrastructure, and in particular whether or not a validator is with a primary operator or a white label provider.
If you’re a white label provider, you should not have customers seed phrases because it allows you to impersonate them
Instead, you should ensure that you never possess the client seed phrase and that they sign 100% of transactions including the create validator transaction.
If you’re an allnodes customer and validate on the cosmos hub, and any other cosmos chain, and they gave you your seed phrase, ALLNODES CAN IMPERSONATE YOU AND YOUR NODE IS A DANGER TO THE CHAIN
If you are a validator on any chain in cosmos, and you set up your validator using the allnodes.com white label service, and you were sent your seed phrase through a messaging app like keybase, please contact me at twitter.com/Gadikian or The team of the chain that you are validating. Because the cosmos SDK and tenderment do not currently have key rotation features or the ability to send your delegations, the best thing that you can do is immediately remove 100% of your self-bonded stake. You are not the enemy here. Speaking as myself, but likely other members of the community as well, were you to improve your security posture by running your own node, I believe that:
- Delegators would return
- You’d ultimately get more delegations because you’re a primary operator, not a user of white label services
In recent conversations with white label / VaaS customers of allnodes.com, I found that 100% of then had compromised cryptographic secrets.
The allnodes.com team has been very public about who holds the keys: their CEO
I would like to urge delegators to talk with their validator to ensure that they do not use allnodes.com as a VaaS provider, and would like to urge both the ICF and AIB, as well as funds invested in the cosmos hub to withdraw all delegations from all white label providers and their users with extreme haste.
White label providers include
- Coinbase Cloud
I don’t believe that these are the only white label providers on the cosmos hub.
White label / VaaS services provably harm both decentralization and security.