Censure Allnodes for insecure VaaS practices

In recent days it has come to our attention that allnodes.com has informed customers of its VaaS service that:

  • It is possible for allnodes.com to hold validator seed phrases, while claiming to operate in a non custodial manner.
  • Deleting these seed phrases on allnodes.com after allnodes.com has sent them to their customers via a web based DM means that the seed phrases are no longer compromised.

Here is a document on the depths of compromise on Luna classic:

In cryptocurrency, custodial services hold cryptographic secrets. Non custodial services do not. Allnodes is distributing false information to cosmos, as illustrated by the following screenshots:






Vote YES to censure allnodes.com for irresponsible key management on behalf of its VaaS clients, thereby endangering the cosmos hub.

Vote NO to affirm allnodes.com claims

Vote ABSTAIN to express no opinion

Vote NoWithVeto to contribute to a veto tally. If that exceeds 1/3rd of the

1 Like

I feel like we need to figure out a way to make this practice in general, a censorable offense. Or figure a new way to educate delegators to be aware of this practice, and disincentivize it through community efforts. It’s somewhat of a SRAAS (Systemic Risk as a Service).

Not sure really what the best way to approach this situation is, even without the misappropriation of keys by All Nodes, this practice is a serious centralization threat. It’s essentially pooling validators, and with Interchain Security making validating ever more challenging, we need to find a way to nip this practice in the bud fast.

1 Like

Strongly agreed.

One way to do ics is with exactly the kind of orchestration systems that allnodes likely uses.

Also, found another.

‘Censure’ as in expressing formal disapproval? Just want to confirm that this is a signalling prop

1 Like

that’s correct :slight_smile:

expressing formal disapproval, and nothing more.

What happens if Allnodes is censored on Cosmos blockchain? Is this like being ‘jailed’? And what happens to those who have delegated their ATOM with Allnodes?

It’s a formal criticism.

  • nothing changes for allnodes, except that there’s been a gov prop censuring them. We will not censor them.

  • Nothing changes for allnodes delegators, except that they now know that the cosmos hub thinks that they have behaved irresponsibly and should redelegate.

Here’s some brief commentary on the description of security research as hostile by a board member of the ICF’s company:

It should be noted that chorus one also provides validator as a service services on the cosmos hub.

It is my strongly convicted belief that none of the many teams contributing to the research that led to the passage of this proposal acted in a hostile fashion, however it is also my strongly convicted belief that numerous individuals connected to allnodes.com did in fact act in a hostile fashion.