The $60 billion implosion of the Terra ecosystem last May exposed cracks in the foundations of the crypto industry and kickstarted a year of cascading financial crises that have yet to relent.
Now, in the ashes where Terra once stood, another controversy is bubbling—one offering potential warning signs for the broader crypto landscape.
The matter concerns Terra Classic (LUNC)—the Cosmos-based network born out of the collapsed Terra ecosystem—and Allnodes, a major staking platform currently integral to Terra Classic’s operation.
Terra Classic is often referred to as a “meme chain”—meaning it isn’t taken all that seriously by the wider crypto community. The network was resuscitated by Terra community members more out of a spirit of experimental novelty than an earnest ambition to re-establish the failed behemoth architected by current international fugitive Do Kwon.
Despite that modest ethos, though, Terra Classic is, financially speaking, no laughing matter: LUNC’s market cap currently hovers around $1 billion, and the cryptocurrency routinely clears $100 million in daily trading volume, according to CoinGecko.
Terra Classic is, like an increasing number of blockchains, a proof-of-stake network. Users can deposit LUNC to help validate transactions on Terra Classic; in return, users accrue rewards in the form of newly generated LUNC. And, like with any other proof-of-stake network, those unwilling or unable to set up a Terra Classic validator node themselves can pay a third-party service to handle the technical, cumbersome process.
Though many such third parties once serviced the vibrant Terra staking ecosystem prior to its collapse last May, most major staking services ran for the exits as soon as Terra’s brand turned toxic. Save one.
Allnodes, a Los Angeles-based nodes and staking service, continued to service Terra Classic users during and after the network’s collapse. And as Terra slowly clawed its way back from oblivion, Allnodes rose with it: the company now handles staking for roughly a third of validators on the entire Terra Classic network.
That figure alone might not turn heads in the increasingly centralized world of third-party staking services. But combined with recent revelations of Allnodes’ handling of sensitive customer information, it has raised pressing questions about the ease with which staking companies could potentially hijack multibillion dollar blockchain networks—and the lack of safeguards that exist to prevent such malfeasance.
Allnodes markets itself as a non-custodial service; typically, in crypto, that means a company does not handle private customer keys or, therefore, have direct access to customer funds.
Allnodes, however, retains custody of all customers’ operator keys and validator keys. In the Cosmos ecosystem, knowledge of both keys grants anyone access not just to funds reaped by a validator during staking, but also to that validator’s voting power in a network’s governance protocol.
Marko Baricevic, Cosmos’ top core developer, says that for a third party—especially one that claims to be non-custodial—to wield such control over customer information is highly irregular.
“In almost all scenarios, always, the customer at a bare minimum has the operator key, which controls the funds,” Baricevic told Decrypt. “In this scenario, both keys are owned by Allnodes. So it is custodial.”
What does that difference mean? Most importantly, it means that Allnodes could, without its customers’ awareness or approval, direct the voting power of customer nodes it operates to accomplish whatever ends. On networks like Terra Classic, it only takes 33.34% of validators to halt all activity on the chain, or to potentially pass any number of governance proposals. If Allnodes controlled at least that percentage of network activity, the company could theoretically destroy the network, or send itself any sum of money via a funding proposal.
So, can it? Allnodes claims, via self-reported data that the company just began making public this week, that it controls between 30% and 31% of voting power on Terra Classic, just shy of the critical margin that would effectively grant it control over the network (as of Friday, Allnodes claims that number has fallen to 29%). The actual percentage, however, could only be verified if every one of the company’s customers came forward. Allnodes has stated it will not disclose customer identities.
Prior to this week, Allnodes made no attempt to report such data. That policy change likely resulted from a fracas stirred in the Terra Classic community last month over the company’s growing influence.
Jacob Gadikian, a Terra Classic community member and founder of Notional Labs, a Cosmos-based software company and validating service, has for weeks waged a relentless—and some of his detractors say “overly aggressive”—awareness campaign to convert Terra Classic validators away from Allnodes. His goal is to dilute the company’s power over the network.
Gadikian was, until last month, a member of Terra Classic’s L1 task force, the rag-tag volunteer group that has come to oversee the network’s regrowth. After tensions boiled over from disputes over Allnodes, Gadikian resigned from the task force.
After witnessing the actions of @gadikian in the last 24 hours I call for his immediate termination from the L1 task force. He has mocked $LUNC community members by calling them “lowlifes” and “r**ards”, has personally attacked validators and divided the community. We deserve
— Mr. Diamondhandz1💎 (@MrDiamondhandz1) January 24, 2023
Gadikian’s zealous and continued offensive against Allnodes stems, the developer says, from his concern that the company’s practices are an intentional strategy, not an oversight.
“I don’t believe that you can scale a business to that size and legitimately believe that these are acceptable practices,” he told Decrypt.
Allnodes, for its part, is adamant that it would never vote on behalf of customers.
“If we vote, and that goes public, our business is finished. So it makes no sense for us to vote for our customers,” Allnodes founder and CEO Konstantin Boyko-Romanovsky told Decrypt.
In that sense, though, Allnodes is holding its own hands behind its back: Beyond fears of public reaction, little stands in the way of the company manipulating its control of customer nodes.
Boyko-Romanovsky insists that Allnodes holds customers’ validator keys and operator keys to make their white label services as simple as possible for clients who don’t want to deal with technical headaches. But a number of Allnodes’ customers say they were never aware that they were giving away rights to sensitive information in the first place.
“I honestly didn’t know there were keys with validators,” David Goebelt, a Terra Classic validator and former Allnodes customer, told Decrypt. “When I started my validator with them, they asked for all the info for my bio and then started up the validator.”
Eventually, Goebelt learned that the company had created and was holding his keys. After several weeks of repeated requests, Allnodes sent those keys to Goebelt.
Despite increased scrutiny of its custodial practices, Allnodes continues to insist, in communications and marketing, that it is a non-custodial service.
“Custody means tokens, it means assets. It does not mean keys,” Allnodes Head of Growth Robert Ellison told Decrypt. Ellison believes that because the company does not have access to users’ bank accounts or other wallets, it cannot be considered custodial.
But the company also controls the process by which staking rewards are disbursed to clients. Though no allegations have been made that Allnodes is siphoning any portion of those rewards, the company is still an essential middleman in the process of paying out funds to customers.
“Actually, if it’s not your keys, it’s not your crypto. That’s the original slogan,” Cosmos head developer Baricevic said. “If we take Celsius or FTX, people using the platform thought they owned the funds. That’s the exact same thing happening here.”
While Allnodes maintains that there are no issues with the company’s internal custodial practices, it does concede that concerns about its increasing power over the Terra Classic ecosystem are valid. But, it says, it can’t really help being popular.
“We don’t want too much voting power,” Allnodes’ Ellison said. “But we can’t, at the end of the day, control who delegates to us.”
The company is, though, increasing its staking commissions on Terra Classic, a move it says will “deincentivize” customers to use their services, therefore loosening Allnodes’ grip over the network.
Some are skeptical about the earnestness of that initiative.
“If you want to stop offering a service, just do it,” Juri Maibaum, co-founder of Frens, another Cosmos-based validating service, told Decrypt. (Frens does not offer services on Terra Classic.) “If McDonald’s doesn’t want to sell burgers anymore, they are not going to say, ‘we’ll double our prices.’ They’re just going to stop serving burgers.”
The unspoken reality is that Allnodes has a clear financial incentive to continue to offer its services on Terra Classic; that chain is, by far, the one on which Allnodes exerts the most influence. Allnodes offers staking services on 68 networks including Ethereum, Cardano, Polygon, and Solana, but possesses, according to self-reporting, less than 10% of voting power on any of those networks.
A few Terra Classic-based Allnodes customers have terminated services on principled grounds, following Gadikian’s awareness campaign, but some may not care about decentralization, and many more may still be unaware of the issues at play.
And there’s little, if anything, a network itself could do to put such a matter to bed. Baricevic, who builds the Cosmos blockchain, on top of which 266 networks and applications including Terra Classic are built, says he’s been searching for a top-down solution to this type of problem for months, but hasn’t found one.
The best option he can think of is passing a governance proposal to oblige all validators on a network to disclose if they’re using a third-party service like Allnodes. Then, a network could much more easily assess if it was under threat of dominance by an external source.
“But to enforce that, you’re on a witch hunt to find if people are actually doing it or not,” Baricevic said. He doesn’t think the policy, in practice, could be reasonably enforced. And even if it could be, such a system would only serve to increase awareness, not halt or slow the risk of a hostile network takeover.
Though Allnodes’ grip on Terra Classic may currently look like an exception in the broader crypto landscape, the episode highlights unresolved questions that could soon grow bigger than Terra Classic, and even Cosmos.
Many blockchains have transitioned to environmentally friendly proof-of-stake models in the last year, and in these new systems, third-party companies like Allnodes (or Coinbase, Binance, and Kraken) have amassed unprecedented influence over supposedly decentralized levers of power.
“I think proof of stake as we know it today needs to fundamentally change,” Baricevic said.
Until that time, the security and reliability of many blockchains will continue to hinge on the goodwill and restraint of private companies, and the power of grassroots awareness campaigns to call those companies out.