I will be keeping this document up to date as information comes in, and I am available to consult with validators at twitter.com/gadikian
Please also note that the information here is sourced from the validators, and that delegators should always remain vigilant. There is no way to know if setups are as reported. I encourage validators to report as much as possible, to guide delegators to secure setups.
Individual validators are being certified on their self attestation that none of their systems use virtual machines on shared tenancy hosts.
- Architect Nodes
- Cosmos Spaces
- Chorus One
safe vaas services
- Allnodes owns all of their own machines and there is no shared tenancy. Validators using allnodes may with to state that they are using allnodes services so they can be added to the individual validators list above.
- Validators using allnodes are safe and should self identify so that they do not lose delegations.
- ChorusOne uses only leased single tendency bare metal servers that they do not own, and therefore they are not vulnerable to downfall.
- A conversation with Meher from ChorusOne also exposed and are interesting fact, in their case, the keys never even enter RAM because they use an hsm.
- Validators using ChorusOne are safe and should self identify so that they do not lose delegations
unknown vaas services
- Coinbase cloud
I contacted thesampadilla from Google, and here is what he had to say about Downfall and GCE (all direct quotes or directly provided links)
I think this whole narrative is just a huge misunderstanding of the news that were published - as is usually the case in crypto.
This type of work is normal from Google - helping chip manufacturers make their hardware more secure.
Especially here, it is critical because this chip will be basically the successor to SGX, underpinnning any confidential space computation.
Google Cloud has some of the best if not the best security in the world. Check out these 2 advisories for the Intel (the one you sent me) and AMD (one we found a while back) vulnerabilities. These two sentences are incredibly powerful and speal for themselves: “No customer action is required. All available patches have already been applied to the Google server fleet for Google Cloud, including Google Compute Engine.” No other cloud can claim this. And if you’ve got your own hardware, you just spun up a project to patch all of these vulnerabilities on each of your servers. So I’m not concerned, I’m impressed.
I’d like to thank Sam for being the de-facto emissary from Google to cosmos. We’re way better off for it.
I can’t assess GCE’s practices, but it sure does look like they have done their homework.