If you spend any time in the Chia focused communities, like Reddit or the discord servers managed by the Chia Pools, you will see a re-occurring problem come up that people have while Chia farming for on chain pools. People on the new on-chain pools are farming blocks but not receiving their 0.25xch.
It looks like there are a couple things going on here, so we are going to talk about each of them but they all boil down to one thing: the farmer reward address and the config.yaml file. In a nutshell, no matter what keys or wallet you are using when you farm a block your client will include the xch_target_address value from your config.yaml file in that block and the 0.25xch farming reward portion will go there. The pool will claim the 1.75xch pool reward and sort that out if you are farming with a pool, but you could lose out on a big part of your reward if you have the xch_target_address set wrong even with a pool. The whole thing is at risk if solo farming.
Go check it out right now, its worth it. On Windows it is kept at C:\Users\%USERNAME%\.chia\mainnet\config\config.yaml and on Linux it is at /home/<username>/.chia/mainnet/config/config.yaml. You will probably find two xch_target_address values in your file, one near the ssl settings towards the top and one in each NFT settings for your on chain pooling information. The top one is where your 0.25xch will go, the bottom ones is where your client will register your reward address with your pool and your pool rewards will go by default.
So what is happening to people? Are they being hacked? Maybe, but probably not. It looks like are two main things going on: the first is that users who have or have had multiple keys on their system are farming to their second key with the farming rewards set to the first. This is actually a preferred security architecture, farming to a wallet not accessible to your farming machine. It is nice to know its setup like that. That’s what happened to this reddit user here, and I have seen a lot of users find their missing XCH in another wallet they control.
The second situation might not be such a pleasant outcome. The OG pools, like Hpool (EDIT: it has been brought to my attention that Hpool’s client uses a different mechanism to capture rewards and is likely not changing xch_target_address) and Core-Pool, work by using a custom client to change your reward address to one they control. Foxypool doesn’t do this and the farmer keeps the 0.25xch reward, but the other custom pools do pool the entire 2xch reward. Because of this while you have their software installed they redirect all block rewards to their wallets and then split them up amongst their farmers. So people are finding that even after they have left their OG pool and joined an on-chain pool that they still lose their farmer reward portion when they farm a block.
I spoke a little bit about this to the developer of Core Pool, and he said they have absolutely seen this problem. That they go to great lengths to prevent it from happening but that it still can. He says they have had a “Leave Pool” option in their software that puts everything back to normal using a config_bak.yaml file they create during original installation but that there are situations where a farmer doesn’t activate that functionality by losing power or turning windows off without closing the software it won’t properly revert the address. The other situation that can be shocking to people is if they are farming both Core-Pool and NFT plots to an on-chain pool the Core-Pool client will capture the farmer reward portion for Core-Pool regardless of which plot wins the block. But they are dealing with this too, they are sending the 0.25xch back to their farmers and their newest software version will automatically handle that portion. They have also been returning rewards to people who contact them and they really do seem to be trying to sort this out for their users.
So this is a real problem but it doesn’t largely seem malicious. The Core-Pool team seems on top of it at least, my understanding is that Hpool is also supporting users with integrity when it comes to this issue but I have not spoken to them. But it easily could be malicious and this is why you need to pay attention to your computer and network security while farming Chia.
Because of the nature of how permissive the Chia client is with both its certificates and its config files there is a LOT of opportunity for malicious software, let’s say a random Chia Fork among many, to make changes to the Chia config file. It will have the permissions to do so during installation, or when run. There is literally nothing stopping a Fork or someone like Mad Max from doing this other than integrity. This is why I think its so critical for projects like Nucle and that a proper Chia client be developed. As long as the reward address is pulled from a config file that anyone can edit it will be at risk. Either from accidental issues by honest actors, or deliberately by malicious developers.