I get what you are saying, however could Cardano “clearly” make this process hacker proof? Just like staking with a mirroring of funds in the pledge? Losing 1 million ADA is not exactly a small amount that was hacked. I don't understand how a fellow ambassador could make such a huge security mistake. It really does baffle and worry me.
I am capable of running a pool, however it appears at the moment that if you make a mistake like this, you lose your funds completely. Surely this could have been prevented?
The number one thing you can do to mitigate theft of funds is learn to craft transactions manually - this will allow you to keep your signing keys cold and never within an environment where they could be compromised.
Get cardano-node and cardano-cli installed on a cold (offline) machine. Then you can build and sign all transactions on this cold machine, and move the signed transaction files to your hot node for submission to the chain. I operate as if my nodes will be compromised. Protecting your keys protects your operation.
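One way to verify that advice on a hot node, as an added example that is not part of the original posts: a small audit that walks a directory and flags any signing key other than the KES and VRF keys a block producer needs at runtime. It assumes keys are stored as cardano-cli JSON text envelopes with a `type` field; the sample type strings and file names are constructed for the demo.

```python
import json
import os
import tempfile

# Assumption: cardano-cli writes keys as JSON "text envelopes" whose "type"
# field names the key kind. KES and VRF signing keys are needed by a running
# block producer; any other signing key is treated here as cold-only.
HOT_ALLOWED = ("KesSigningKey", "VrfSigningKey")

def find_cold_keys(root):
    """Return sorted (path, type) pairs for signing keys that should be offline."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > 64 * 1024:   # envelopes are tiny
                    continue
                with open(path, "r", encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                continue                                 # unreadable or not JSON
            ktype = doc.get("type") if isinstance(doc, dict) else None
            if not isinstance(ktype, str) or "SigningKey" not in ktype or "cborHex" not in doc:
                continue
            if not ktype.startswith(HOT_ALLOWED):
                findings.append((path, ktype))
    return sorted(findings)

def demo():
    """Build a constructed node directory and audit it."""
    # Constructed sample envelopes; cborHex values are placeholders, not keys.
    samples = {
        "kes.skey": "KesSigningKey_ed25519_kes_2^6",
        "vrf.skey": "VrfSigningKey_PraosVRF",
        "backup/payment.skey": "PaymentSigningKeyShelley_ed25519",
        "backup/cold.skey": "StakePoolSigningKey_ed25519",
        "payment.vkey": "PaymentVerificationKeyShelley_ed25519",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, ktype in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                json.dump({"type": ktype, "description": "", "cborHex": "00"}, fh)
        return [(os.path.relpath(p, root), t) for p, t in find_cold_keys(root)]

if __name__ == "__main__":
    print(demo())
```

Pointing `find_cold_keys` at a node's home and key directories on a schedule turns the "keys stay cold" rule into something that can be alerted on; it only reads files and never moves or deletes them.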
There are many aspects of a secure stake pool operation: the Cardano node itself, operating system, hardware, network and people. Saying you’ll wait for a hacker proof Cardano node is like saying you’ll wait for safe online banking. The online banking is usually very secure and the weakest link is the people using it.
There will also never be a 100% secure pool setup guide. If a hacker knows you’ve followed a certain guide, he’ll use it to his advantage and will find the weak spot more easily. That’s why security experts never publish a guide they followed themselves as it would reveal their weak spot.
The more publicity and ADA value, the more hackers will target stake pools, exchanges or individuals. Even crypto exchanges are getting hacked and they are employing some of the best security experts. You need to find the balance between what you are protecting, convenience and how many resources to spend to protect it. Securing your stake pool operation should therefore be an ongoing process with continuous learning, improvements and adaptation, and there is always a chance you’ll be hacked anyway.
From what I understand, stake pool servers are normally set up so that ADA can’t be stolen from them, not even the pledged ADA. So there isn’t much incentive to hack into a stake pool server, other than harming the pool’s reputation or the Cardano network as a whole. Exchanges are higher profile targets, because they need to keep some of their funds accessible online in hot wallets.
Operators should consider a bug bounty anyway, either directly through social media, or something like HackerOne.