Hello Cosmos Community and I hope this is the right place to post,
I hope you’re all doing well. I’m reaching out as an engineer at Pundi X and Function X, and I wanted to share that we’ve successfully implemented specific security measures for our validator nodes. These measures address scenarios such as server breaches, consensus public key leaks, and wallet private key compromises.
Specifically, we have:
- Consensus Public Key Replacement: In the event of a server breach or consensus public key leakage, we’ve implemented a solution using the
edit-consensus-pubkeytransaction to replace the validator’s consensus public key.
- Authority Transfer for Private Key Compromise: To mitigate the risks associated with a validator’s wallet private key being compromised, we’ve set up a mechanism for transferring validator authority to another address using the
grant-privilegetransaction. In this setup, the compromised private key cannot send transactions on the chain, while an authorized address can perform transactions on behalf of the validator’s address.
Since we believe in the value of knowledge sharing within the Cosmos community, we’re curious to know if anyone else has also implemented similar security measures or if there are alternative approaches you’ve found effective. Your insights and experiences would be greatly appreciated.
If you have implemented similar security measures or have valuable insights to share, please feel free to respond to this thread. We believe that collective knowledge and discussions can enhance the security and resilience of the Cosmos network for everyone.
Thank you for your time, and we look forward to hearing from you.