Cosmos validators contracted with Allnodes might be COMPROMISED; here’s what you need to know

Cosmos validators contracted with Allnodes might be COMPROMISED; here’s what you need to know

Something that you want to look at if you are delegating with a validator that is contracted with Allnodes

By: satriapamudji


Over the weekend, Jacob Gadikian posted a tweet about delaying the $LUNC senate, saying Allnodes threatened the $LUNC network because of their leadership team.

According to Jacob, Allnodes has publicly admitted to knowing the private keys of validators contracted with Allnodes, which amounts to over 33% of LUNC’s voting power.

In addition to that, the only person who has access to these keys is the CEO, as seen from the screenshots below from Jacob’s Telegram.

What is Allnodes, ser?

For those who are not familiar with Allnodes, they are a Validator as a Service (VaaS) provider, and the notional value of staked assets from all the hosted nodes amounts to $1,838,041,333, according to their Twitter — and they span across many chains.

It’s not just contained to $LUNC

Over the past few days, Jacob has realized that this problem is not only contained to $LUNC but other application chains on Cosmos, such as $EVMOS, $STRIDE, $OSMO, $JUNO, and other chains that are non-cosmos.

He has since created a document under Notional, which is updated in real-time as more information comes along, and serves to assist validators who are contracted with Allnodes, and provide proof of compromise from Allnodes.

Is this something to be worried about?

After looking at the document and proofs, we at Flagship believe that this is an important piece of news for users who are delegating with validators contracted with Allnodes, and these validators themselves, and here is why:

  1. The key management used by Allnodes is extremely risky, as only the CEO has access to these keys — thus opening up an extremely weak spot for attacks by bad actors who are willing.
  2. With the Allnodes CEO having the seed phrases of validators, this is not trustless, and potentially opens up threats like impersonation, chain halting and misuse of funds.
  3. Finally, it is only recently known that where Allnodes has a presence, these nodes are run on Hetzner — a cloud service provider that has an anti-stance against anything related to cryptocurrencies, and where their ToS states that it bars crypto mining and staking.

Thus, if you are delegating with a validator on Cosmos who is contracted with Allnodes, we advise you to redelegate your stake, and you can find the full list of compromised validators in this document provided by Jacob and Notional, which will be updated as more information from the various chains come along.

This includes validators from the various Cosmos chains who are contracted with Allnodes. If unsure, ask your validator how they are hosting their nodes (the best is self-hosted nodes).

About Flagship

Curious about what we do? Be a part of the Flagship community that's revolutionizing the economy with the wisdom of our captains!

Disclaimer: Nothing on this site should be construed as a financial investment recommendation. It’s important to understand that investing is a high-risk activity. Investments expose money to potential loss.