I recently had the opportunity to talk to the developers behind Core-Pool – originally launched as Chia-Core – and get their thoughts on the current state of Chia pools and what it is like to run one of the in-progress “unofficial” pools. I will not be divulging any information that could lead to their identification, they are quite concerned with anonymity. As someone who has not been on the financial side of the cryptocurrency world I do not have the context here, but from my perspective they seemed a little paranoid. However you aren’t actually paranoid when they are really out to get you, and the developer I spoke to had started receiving a large number of death threats and was not sure that they were all harmless because of the amount of money at stake. They told me they do not leave the house unarmed anymore.
This was my main takeaway here, that the amount of money involved in these pools means that what is essentially a software project and a website ends up as a high stakes enterprise. I could feel the stress coming off the person I spoke to, who had been working around the clock to stop the double-farming issues plaguing their pool. My immediate sense was that of a business person simply trying to service a market need created by the delays in the official pooling protocol and portable plots. There is a lot of frustration in the community right now and Hpool and Core-Pool are helping to release that pressure.
I want to first address the issue about malware. There were reports and screenshots floating around when Core-Pool launched claiming that there were viruses and remote access toolkits (RATs) embedded in the installer. I have seen no evidence of any malicious software activity, in either Hpool or Core-Pool. There is no incentive for this kind of behaviour, either. The incentive is to run a large pool with many users and have lots of money moving through your hands. Distributing malware in your software is not the path to achieving that, and developers know this. There may be security issues with the software or systems, but if so I believe they will be accidental and not malicious. We will be releasing a review on the software itself in the coming days and weeks.
Core-Pool was started by a group of solo farmers who were getting frustrated by the growing netspace and lack of pools. They saw Hpool, and the concerns around the software there and that project and figured they could do it better. They started off calling themselves Chia-Core, and I had assumed they had a trademark dispute with Chia Network forcing them to change their name but in reality they simply changed when the service started to grow to avoid any issues that might have cropped up. Once they had something, they posted to ChiaForum.com and people started to come. And that’s when they say the attacks began, both character attacks on forums and network attacks against their infrastructure.
Because of the security concerns around Hpool and the understandable risks for running unknown software the Core-Pool client does not require inbound access to your network and you are able to use any reward address, not only the one tied to your plots. The developer I spoke to went off on a bit of a tangent about how people should always be running this stuff in a segmented virtual machine without access to anything important. I agree completely, and I appreciate that they understand some of the concerns of their target market. The architecture does seem to be in response to the criticisms about Hpool.
They do deal with the same issues though, with analyzing rewards and dealing with double-farming and space inflation is a major part of their operations.
We are checking double farming every day before payouts with our scripts, but it is a really hard work, and require a lot of time. Now we are working on to make it completely automatic and done by the server itself and catch such a farming behavior on the fly.Core-Pool developer
In terms of financial controls, they are a small team and are still working through those details. At the moment they are using transparency and public wallets and transactions to handle the issue of financial controls. This is something I am hearing a lot in this space, and I think it is a mistake. I think fully automated payments and an open system in place will be very good for the CorePool users until there is a problem with part of the process and then it will be a disaster. People seem to label any error in the cryptocurrency space as evidence of a scam or a “rug-pull” and I didn’t get the sense from the Core-Pool team that this was what they were doing. But I do expect more issues. What they are doing is complicated with a lot of very invested users, and I think its going to continue to require a ton of time from the developers.
This is actually going to be a theme through all of these All about Pools articles, the teams are generally small for what they are dealing with. They all seem sincere and earnest in their goals. For Core-Pool specifically they expected to have a small group of about 100 farmers and it has exploded from there. According to their website they currently have a hair over 14 000 farmers in their pool.