SPOs, Do not repeat my mistakes, Keep your Core Node Safe

It's very disheartening to read this. I feel sorry for your loss, mate. Hats off to your courage for bringing this up as well. Feel free to connect on my BubbaGanuStakePool Telegram if there is anything I can do to help you out.

My heart goes out to you man. You still have your health and more money can always be earned. Thank you for sharing your story

This is horrible to hear Jun … was this your full ADA stack taken from you?

Surely Cardano should reimburse you for these lost funds. There will be many others making the same mistakes.

Very sad experience. So glad you evaluated the situation and were able to so clearly define the problems. It’s a certainty that many other pool operators will benefit from your openness.

You’re a good community partner. Keep your pool running. Better days ahead.

Craig

Thanks for sharing your story so other cases like this might be averted, I hope you can recover from this @junada and continue to run a Cardano Stakepool.

thanks for sharing, I’m a newbie and posts like this are really going to help me…

Very sorry to hear this story. Thank you for deciding to share it with the community; hopefully, it will help others to protect themselves. Good luck as you work out what to do next, and best wishes for the future.

Sorry for your loss. Thank you for sharing your experience. It takes a lot of courage to do that. I wish you all the best.

I am really sorry this has happened to you. I want to make sure it doesn't happen to anyone else, so I wrote an article on how SPOs could employ various security measures to run their operation securely.

Really terrible thing. Sorry for your loss. It's amazing how someone can live with themselves after destroying other people's lives like that. It's no different to murder.

This is how a disclosure should be performed. Well done, and thank you for being honest with the Cardano community and helping the SPOs. I encourage each stake pool to think about layered defenses, not only at a trust boundary such as a port/firewall but also monitoring and logging. Please, SPOs, use things such as deception and alerting to identify malicious actors on your machines. Canary tokens are a great way to get an alert when a file is accessed or someone has cloned your website trying to impersonate you. This is a free service: https://canarytokens.org/generate or, if you would rather not click a link (this would be me), just Google "canary tokens" and do some research on the subject.

Anyone have thoughts for the SPOs on using a honeypot node to see if there is malicious traffic specifically looking for relay/node architectures?

I’m interested in operating something like this and reporting to a close-knit group of SPOs on what kind of traffic/attacks are occurring.

My sincerest apologies for your losses. Thanks for sharing your valuable lesson with the community.

By posting this article explaining what happened, it shows that you are a Stake Pool Operator of perhaps insufficient expertise, skill and/or knowledge, yet also of over-abundant character and integrity.

You can always increase your expertise, hone your skill, and gain more knowledge. But character and integrity are generally fixed commodities. You are the kind of SPO operator that Cardano hodlers want looking over their delegated ADA in the decades to come.

I join everyone else in expressing my sympathy, and hope that you will chalk this up to experience (albeit very expensive) and not be too discouraged.

This is horrible to hear, sorry for your pledge losses. Just wondering why you moved your cold keys to your relay/BP nodes anyway? So far I've kept them within my air-gapped machine and never really had to move them onto a live node. Maybe I haven't encountered the need to yet, so I was just wondering what prompted you to do so?

I believe you need the keys to raise your pledge to the pool. And he wanted to raise his pledge by a significant amount to make the pool even more attractive. But I'm not sure, don't hesitate to contradict me if I'm wrong.

Even in that case I would certainly sign anything on another offline machine then move it back to the BP.

@junada thanks for sharing your experience. However, I still don't understand your sentence:

During the experimentation, I opened port 2375. and link that to my docker socket.

Did you refer to the docker port mapping docker run -p 2375:2375 caradano-node?
After reading the link Threat Alert: Attackers Building Malicious Images Directly on Your Host, I understand that a malicious docker image can be injected through a misconfiguration of the Docker API. What is the Docker API?
Could you share your command arguments for running the docker image?
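As an added illustration of what "opened port 2375 and linked it to my docker socket" means (example script written for this thread, not from the original post or the Cardano project): the Docker Engine API is normally served only on the local unix socket, and a dockerd started with `-H tcp://...` without `--tlsverify` publishes the same root-equivalent API over plain TCP. The sh function below classifies a dockerd command line accordingly; the sample command lines are constructed, and the `-H`/`--host` flag forms it parses are assumed to cover the common invocations.

```shell
#!/bin/sh
# Classify how a dockerd command line exposes the Engine API.
# Prints SAFE (unix/fd socket only), TLS (tcp with --tlsverify) or
# INSECURE (tcp without client-certificate verification); exit status 0/1/2.
# Note: tcp://127.0.0.1:2375 is still reported INSECURE, because any local
# process that can reach the port gets full control of the daemon.
classify_dockerd_cmdline() {
  tcp=0
  tlsverify=0
  prev=""
  for w in $1; do
    spec=""
    case "$w" in
      -H=*|--host=*)                 spec="${w#*=}" ;;   # -H=tcp://... form
      --tlsverify|--tlsverify=true)  tlsverify=1 ;;
      *) case "$prev" in
           -H|--host) spec="$w" ;;                        # -H tcp://... form
         esac ;;
    esac
    case "$spec" in
      tcp://*) tcp=1 ;;
    esac
    prev="$w"
  done
  if [ "$tcp" -eq 0 ]; then echo SAFE; return 0; fi
  if [ "$tlsverify" -eq 1 ]; then echo TLS; return 1; fi
  echo INSECURE
  return 2
}

# Check the live daemon when one is running; otherwise use a constructed sample.
check_local_dockerd() {
  if command -v ps >/dev/null 2>&1; then
    live=$(ps -eo args= 2>/dev/null | grep -m1 '^[^ ]*dockerd')
  else
    live=""
  fi
  if [ -n "$live" ]; then
    classify_dockerd_cmdline "$live"
  else
    classify_dockerd_cmdline 'dockerd -H fd:// -H tcp://0.0.0.0:2375'  # constructed sample
  fi
}
```

A result of INSECURE on a relay or block producer means the node host itself, not just the container, is controllable by anyone who can reach that port.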

Sorry to hear that you went through this, Jun. Thank you for sharing your wisdom with everyone.

Stay strong, mate.
Wish you the best.