I was checking on adapools this morning and saw a exclamation that my Pledge had “Committed change to 0 ADA” I checked pool.pm and saw no transactions but nonetheless I completely freaked out. My pledge had not moved from the pool wallet but I still descended into full heart racing panic mode and moved all funds and reached out to delegates to do the same.
After this I was racking my brain to ask myself how on earth someone was able to do this. Then while in post-mortem mode I checked cardanoscan after reaching out to everyones most helpful member of the community. There was no record on cardanoscan of my pool certificate being updated.
And now some questions which I think may be helpful:
Where does adapools pull this information from? Is this a bug?
In the event of an actual security breach what can/should you do and who can you contact?
Is there a checklist of a way to approach these situations?
I have submitted a support ticket with iohk but have not heard back yet.