VaaS considered harmful

Greetings,

I recently discovered that a network of compromised validators, all run by allnodes.com, controlled 41% of vote power on LUNC. During the course of the investigation, I interviewed these validators.

My finding was that 100% of them either did not have their cryptographic secrets, namely priv-validator-key.json and they’re validator operator wallet seed phrase, or had been sent their validator operator while at seed phrase over key base by the CEO of allnodes.com

I wish to strongly urge the user community to reconsider delegations to any provider providing white label services. These services provably harm network security and harm decentralization overall.

Validator should be a primary operator capable of operating a validator node themselves. In the course of my research, Akash came up as one of the chains validated by allnodes.com.

I would urge that any fund or individual invested in this project, redelegate a way from all nodes. I would also strongly recommend that delegators speak to their validator to ensure that validators on this network do not use allnodes.com.

More broadly speaking, I recommend against the set of practices called VaaS.

Here are my findings:

Delegating to notional helps to fund research like this, as well as software development throughout cosmos.