Allnodes white label customers compromised

jacobgadikian · January 24, 2023, 10:55am

Hey, I wanted to formally inform the hub community that it is completely possible that there are compromised validators on the hub.

Here are some screenshots that can describe the nature of the compromise. This has been confirmed across numerous validators on Luna classic who used Allnodes as a white label provider.

I have also produced a Google document, which will later be made a PDF and hosted on the notional github.

I would like to warn the community that it seems evident that allnodes has a practice of:

Validating a new chain
Adding that chain to their orchestration system
Creating tendermint priv-validator-key.json and seed phrase for their customers
Providing neither key to their customers unless requested

I think that this underscores the importance of knowing more about validator operator infrastructure, and in particular whether or not a validator is with a primary operator or a white label provider.

If you’re a white label provider, you should not have customers seed phrases because it allows you to impersonate them

Instead, you should ensure that you never possess the client seed phrase and that they sign 100% of transactions including the create validator transaction.

If you’re an allnodes customer and validate on the cosmos hub, and any other cosmos chain, and they gave you your seed phrase, ALLNODES CAN IMPERSONATE YOU AND YOUR NODE IS A DANGER TO THE CHAIN

If you are a validator on any chain in cosmos, and you set up your validator using the allnodes.com white label service, and you were sent your seed phrase through a messaging app like keybase, please contact me at twitter.com/Gadikian or The team of the chain that you are validating. Because the cosmos SDK and tenderment do not currently have key rotation features or the ability to send your delegations, the best thing that you can do is immediately remove 100% of your self-bonded stake. You are not the enemy here. Speaking as myself, but likely other members of the community as well, were you to improve your security posture by running your own node, I believe that:

Delegators would return
You’d ultimately get more delegations because you’re a primary operator, not a user of white label services

Conclusion
In recent conversations with white label / VaaS customers of allnodes.com, I found that 100% of then had compromised cryptographic secrets.

The allnodes.com team has been very public about who holds the keys: their CEO

https://twitter.com/Sephiroth

I would like to urge delegators to talk with their validator to ensure that they do not use allnodes.com as a VaaS provider, and would like to urge both the ICF and AIB, as well as funds invested in the cosmos hub to withdraw all delegations from all white label providers and their users with extreme haste.

White label providers include

Allnodes
Coinbase Cloud
Figment

I don’t believe that these are the only white label providers on the cosmos hub.

White label / VaaS services provably harm both decentralization and security.

Alkia · January 25, 2023, 12:29am

Thanks for the insight Jacob. Leaving Allnodes.

Wafu50 · January 25, 2023, 10:58pm

Hi all. I’d like to know how an existing bare metal validator could hand over validator status of their node to a second party with their own setup, without compromising security of keys? Can this be achieved? TIA.

LeonoorsCryptoman · January 26, 2023, 6:29pm

To hand over ownership of the wallet address, you always need to pass the seed phrase.
So both parties will always be able to have a copy of the wallet address, and is hence compromised.

jacobgadikian · January 26, 2023, 10:06pm

Hey just so you know I’m really interested in allowing this to happen by writing the necessary SDK code.

Currently it is not possible.

So right now as @LeonoorsCryptoman mentions, we can’t do that.

Jcook_14 · January 27, 2023, 4:09pm

This some next level reporting. Kudos to you. These types of risks go totally under radar without trusted sources like Notional.

serejandmyself · February 3, 2023, 7:34pm

Im in shock that some people still redelgate to them from normal validators

jacobgadikian · February 6, 2023, 11:59am

Hey @serejandmyself – I think the reason that this is happening is that they continue to say that their operations are secure. Check out some of the screencaps here:

I hope to have the censure proposal on-chain today.

JD-Lorax · February 6, 2023, 5:42pm

White label validator service providers (stand to be corrected on some):

Figment
P2P Validator
Chorus One
Allnodes
Swiss Staking (?)
Staked
Blockdaemon
Coinbase Cloud
Polkachu (?)

I don’t know a comprehensive list of users of this service. Whitelabel Consumers:

Coinbase Exchange (Coinbase Cloud)
Kraken (Staked)
Zero Knowledge (Chorus One)
Ledger (Figment)

There are quite likely others I am not aware of. White label service providers and consumers don’t seem to be very open about their arrangements all the time.

jacobgadikian · February 10, 2023, 11:04am

Hey this is massively useful information and I think you get it. The lack of transparency is precisely what makes these arrangements dangerous.

system · February 24, 2023, 11:05am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Censure Allnodes for insecure VaaS practices Signaling/Text	7	1362	February 28, 2023
In Response to the All Nodes, White Label Providing Saga, The Cosmos Hub needs a concise list of Trusted Independent Operating Validators as a resource for the Community at large to reference Conversation	1	279	February 12, 2023
This is an Official statement from Allnodes regarding VaaS and Tendermint Keys Management Conversation	1	452	March 7, 2023
Allnodes Validator Profile Validator Profiles	0	770	August 10, 2022
Validator Security Measures Implemented - Seeking Community Insights Security	7	554	October 2, 2023

Allnodes white label customers compromised

Related topics