SPOs, Do not repeat my mistakes, Keep your Core Node Safe

This is how a disclosure should be performed. Well done, and thank you for being honest to the Cardano community and helping the SPOs. I encourage each stake pool to think about layered defenses, not only from a trust boundary such as a port/firewall but also monitoring and logging. Please SPOs use things such as deception and alerting to identify malicious actors on your machines. Canary tokens are a great way to get an alert when a file is accessed or someone has cloned your website trying to impersonate you. This is a free service. https://canarytokens.org/generate or if you would rather not click a link (this would be me) just google canary tokens and do some research on the subject.

Anyone have thoughts for the SPOs on using a honeypot node to see if there is malicious traffic specifically looking for relay/node architectures?

I’m interested in operating something like this and reporting to a close-knit group of SPOs on what kind of traffic/attacks are occurring.

My sincerest apologies for your losses. Thanks for sharing your valuable lesson with the community.

By posting this article explaining what happened, it shows that you are a Stake Pool Operator of perhaps insufficient expertise, skill and/or knowledge, yet also of over-abundant character and integrity.

You can always increase your expertise, hone your skill, and gain more knowledge. But character and integrity are generally fixed commodities. You are the kind of SPO operator that Cardano hodlers looking over their delegated ADA in the decades to come.

I join everyone else in expressing my sympathy, and hope that you will chalk this up to experience (albeit very expensive) and not be too discouraged.

3 Likes

This is horrible to hear, sorry for your pledge losses. Just wondering why you move your cold keys to your relay/BP nodes anyways? So far I've kept it within my air-gapped machine and never really had to move it onto a live node. Maybe I haven't encountered the need to yet, so was just wondering what prompted you to do so?

1 Like

I believe you need the keys to raise your pledge to the pool. And he wanted to raise his pledge due to the significant amount to make the pool even more attractive. But I'm not sure, don't hesitate to contradict if I'm wrong.

Even in that case I would certainly sign anything on another offline machine then move it back to the BP.

1 Like

@junada thanks for sharing your experience. However, I still don’t understand about your sentence

During the experimentation, I opened port 2375. and link that to my docker socket.

Did you refer to the docker port mapping docker run -p 2375:2375 cardano-node?
After reading the link Threat Alert: Attackers Building Malicious Images Directly on Your Host, the malicious docker image can be injected through the misconfiguration of the docker API. What is the docker API?
Could you share your command arguments for running the docker image?
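Added example, not part of the thread and not code from any of the posters: the Docker API that the thread is asking about is served by the dockerd daemon, and where it listens is controlled by the daemon's `-H`/`hosts` setting (or `/etc/docker/daemon.json`), not by `docker run -p`, which only maps a container's port. Port 2375 is Docker's conventional plaintext API port and 2376 its TLS port; an API reachable over TCP without `tlsverify` lets anyone who can connect start containers on the host. The two functions below audit a constructed daemon.json and a constructed `ss -ltnp` listing for that exposure; the sample configs, file paths and process ids are made up for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents (assumptions, not the poster's real config).
WEAK_DAEMON_JSON = json.dumps({
    # API on the unix socket plus a plaintext TCP listener on every interface
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

HARDENED_DAEMON_JSON = json.dumps({
    # TCP listener kept on loopback and gated by client-certificate auth
    "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",          # hypothetical paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_json(text):
    """Return a list of findings for TCP Docker API listeners in a daemon.json."""
    cfg = json.loads(text)
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    if isinstance(hosts, str):
        hosts = [hosts]
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for entry in hosts:
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue                      # unix:// and fd:// are local-only
        bind = url.hostname or ""
        on_all_interfaces = bind in ("", "0.0.0.0", "::")
        if not tls_verify:
            findings.append(
                f"{entry}: Docker API over TCP without client-certificate auth "
                f"(tlsverify is off); anyone who can reach this port controls the host"
            )
        elif on_all_interfaces:
            findings.append(
                f"{entry}: TLS-authenticated API bound to all interfaces; "
                f"bind to loopback or firewall the port"
            )
    return findings


# Constructed `ss -ltnp` output (the dockerd line is the one to worry about).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=700,fd=7))
LISTEN 0      4096   0.0.0.0:2375       0.0.0.0:*         users:(("dockerd",pid=1234,fd=9))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))
"""


def exposed_docker_listeners(ss_text):
    """Return (address, port, is_plaintext_port) for dockerd listeners not on loopback."""
    hits = []
    for line in ss_text.splitlines()[1:]:      # skip the header row
        parts = line.split()
        if len(parts) < 6 or parts[0] != "LISTEN" or '"dockerd"' not in parts[5]:
            continue
        addr, port = parts[3].rsplit(":", 1)
        addr = addr.strip("[]")               # IPv6 form is [::]:2375
        if addr in ("127.0.0.1", "::1"):
            continue
        hits.append((addr, int(port), port == "2375"))
    return hits


if __name__ == "__main__":
    for finding in audit_daemon_json(WEAK_DAEMON_JSON):
        print("weak config:", finding)
    print("hardened config findings:", audit_daemon_json(HARDENED_DAEMON_JSON))
    print("exposed dockerd listeners:", exposed_docker_listeners(SS_OUTPUT))
```

On a real node, run `audit_daemon_json` over the contents of `/etc/docker/daemon.json` and `exposed_docker_listeners` over the output of `ss -ltnp`; a dockerd listener on 2375 bound to 0.0.0.0 is exactly the condition that lets a remote party build or run a container on the host, and an empty result from both is what a block producer should show.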