Attack on Crypto.com’s Validators – Is Your Stake at Risk?
Disclaimer: We have recently started a node and are included in the Top 100 List.
Validators play an essential role on the blockchain verifying incoming transactions and completing these only upon verification. On the Crypto.com (CdC) chain, validators can also receive CROs (native token) from delegators for staking. These staked tokens earn an estimated yield of 14.74% APY (June 20, 2021).
But what happens to the delegators’ stake when validators are attacked?
On June 19, 2021, there had been selected attack attempts on validators. According to a discussion on the Discord, Leslie from CdC highlighted that validator nodes with open RPC ports were jammed by sending large amounts of RPC queries, which caused a few validator nodes to go down. This could have been a negligence from the validator operators. As soon as the validator is down, it “unbonds” and is not “active” on the mainnet any longer. As long as the validators is not active, no blocks are signed and therefore delegators do not earn staking rewards and do not realize the possible 14.74% APY (minus commission). After the validator becomes active again and signs blocks, delegators earn their staking rewards. In this event the validators have been down for couple of hours, and delegators lost their staking rewards for that period, but note that the staked CROs have not been at risk. However, if many delegators decide to redelegate their CROs to other validators during that period and the total amount of delegated CROs of the attacked validators could fall below the minimum required to be included in the Top 100 List (the 100 active validators with the highest delegation amounts). In this event the remaining delegators are at risk to miss out on staking rewards until the validator re-joins the Top 100 List, which might not happen again. In this scenario, delegators can only start earning staking rewards again when redelegating to a validator included in the Top 100 List.
This event highlights the importance of a top-tier infrastructure paired with a professional team managing the validator. Accidents can always happen and will happen, but the operating validator team should do best efforts to minimize these, which could also result in a jailing event as we have recently seen (see also My Validator Got Jailed - Should I Panic? (https://www.siriusnodes.com/blog/my-validator-got-jailed-should-i-panic).
Delegators should also do their own research choosing a validator to make sure it is run professionally with a top-tier infrastructure and should not discard right away validators charging a fee, because running a validator has hard dollar operational costs and also requires a substantial amount of time to maintain it properly. It is also important to support validators with an infrastructure equipped to adequately protect the CdC chain from such attacks. See also our blog post How to Choose a Reliable Validator? https://www.siriusnodes.com/blog/how-to-choose-a-reliable-validator for finding professional validators. Therefore, delegators can see the commission charged as an insurance policy against adverse events, which have happened frequently.