|
| 1 | +# Cosmos Hub to Launch Mainnet |
| 2 | + |
| 3 | +## Pre-launch Dependencies & How to Safely Claim Your Atoms |
| 4 | + |
| 5 | +In the summer of 2016, the [Cosmos whitepaper][whitepaper] was released. In the |
| 6 | +spring of 2017, the [Cosmos fundraiser][fundraiser] was completed. In the first |
| 7 | +months of 2019, the software is [feature complete][releases]. The launch of the |
| 8 | +Cosmos Hub draws near. What does this mean for Atom holders? |
| 9 | + |
| 10 | +If you are an Atom holder, you will be able to delegate Atoms to validators on |
| 11 | +the main network and vote on governance proposals. In fact, the future success |
| 12 | +of the network depends on you responsibly doing so! However, you will not be |
| 13 | +able to transfer Atoms yet. Transfers will be disabled at the protocol level |
| 14 | +until a hard-fork is executed to enable them. |
| 15 | + |
| 16 | +Atom holders should carefully follow the guidelines in order to safely delegate |
| 17 | +Atoms. Please read through the entire guide first to familiarize yourself |
| 18 | +before you actually do anything: [CLI guide][cli] |
| 19 | + |
| 20 | +The process outlined in the guide is currently the only verified and secure way |
| 21 | +to delegate Atoms at launch. This is because the gaiacli tool used in the guide |
| 22 | +is the only wallet software undergoing third-party security audits right now. |
| 23 | +No other wallet providers have begun security audits yet. |
| 24 | + |
| 25 | +Remember that delegating Atoms involves significant risk. Once delegated to a |
| 26 | +validator, Atoms are bonded for a period of time during which they cannot be |
| 27 | +recovered. If the validator misbehaves during this time, some or all of the |
| 28 | +delegated Atoms may be burned. It is your responsibility to perform due |
| 29 | +diligence on validators before delegating! |
| 30 | + |
| 31 | +The Cosmos Hub is highly experimental software. In these early days, we can |
| 32 | +expect to have issues, updates, and bugs. The existing tools require advanced |
| 33 | +technical skills and involve risks which are outside of the control of the |
| 34 | +Interchain Foundation and/or the Tendermint team (see also the risk section in |
| 35 | +the [Interchain Cosmos Contribution Terms][terms]). Any use of this open source |
| 36 | +[Apache 2.0 licensed][apache] software is done at your own risk and on a “AS |
| 37 | +IS” basis without warranties or conditions of any kind, and any and all |
| 38 | +liability of the Interchain Foundation and/or the Tendermint team for damages |
| 39 | +arising in connection to the software is excluded. Please exercise extreme |
| 40 | +caution! |
| 41 | + |
| 42 | +If you are looking for more information about delegation and want to talk to |
| 43 | +the folks developing Cosmos, join the virtual meetup on February 14 where you |
| 44 | +will be walked through the step-by-step instructions for delegating Atoms at |
| 45 | +launch. |
| 46 | + |
| 47 | +Register here: [gotowebinar.com/register/][webinar] |
| 48 | + |
| 49 | +## Remaining Milestones for Launch |
| 50 | + |
| 51 | +To follow mainnet launch progress, please bookmark: |
| 52 | +[cosmos.network/launch][cosmos]. |
| 53 | + |
| 54 | +### 5 Cosmos-SDK Security Audits ✔ |
| 55 | + |
| 56 | +In early January, the Cosmos-SDK underwent the first in a series of third-party |
| 57 | +security assessments scheduled for Q1 2019. This audit took place over a two |
| 58 | +and a half week period. To date, two different security auditing firms have |
| 59 | +assessed various parts of the Cosmos-SDK and a third audit is under way. |
| 60 | + |
| 61 | +### 4 Cosmos SDK Feature Freeze |
| 62 | + |
| 63 | +The final breaking changes to the Cosmos-SDK are included in the [v0.31.0 |
| 64 | +launch RC][rc]. Once this RC is completed, the Cosmos-SDK team will engage in a |
| 65 | +round of internal bug hunting to further ensure sufficient pre-launch security |
| 66 | +due diligence. |
| 67 | + |
| 68 | +Right after Cosmos-SDK v0.31.0 is released, a Gaia testnet will be released in |
| 69 | +an effort to flush out any hard to find bugs. |
| 70 | + |
| 71 | +### 3 Game of Stakes Completed |
| 72 | + |
| 73 | +Game of Stakes (GoS), [the first adversarial testnet competition of its |
| 74 | +kind][gos], was launched in December 2018 to stress test the economic incentive |
| 75 | +and social layers of a blockchain network secured purely by Proof-of-Stake. The |
| 76 | +GoS blockchain was successfully hard-forked three times to date. As soon as the |
| 77 | +GoS concludes, the [scoring criteria][scoring] will be used to determine |
| 78 | +winners. Those will be announced following the completion of the game. |
| 79 | + |
| 80 | +### 2 Genesis Transactions Collected |
| 81 | + |
| 82 | +The Interchain Foundation will publish a recommendation for the allocation of |
| 83 | +Atoms at genesis. This will include allocations for Cosmos fundraiser |
| 84 | +participants, early contributors, and Game of Stakes winners. Any one with a |
| 85 | +recommended allocation will have the opportunity to submit a gentx, which is |
| 86 | +required to become a validator at genesis. The ultimate result of the |
| 87 | +recommended allocation and the collection of gentxs is a final [genesis |
| 88 | +file][file]. |
| 89 | + |
| 90 | +### 1 Cosmos Hub Mainnet Launch |
| 91 | + |
| 92 | +Once a genesis file is adopted by the community, and +⅔ of the voting power |
| 93 | +comes online, the Cosmos mainnet will be live. |
| 94 | + |
| 95 | +## Official Cosmos Communication Channels |
| 96 | + |
| 97 | +These are the official accounts that will communicate launch details: |
| 98 | + |
| 99 | +- [Cosmos Network](https://twitter.com/cosmos) |
| 100 | +- [Cosmos GitHub](https://github.com/cosmos) |
| 101 | +- [Cosmos Blog](https://blog.cosmos.network) |
| 102 | + |
| 103 | +Please be aware that the [Cosmos forum][forum], [Riot chat groups][riot], and |
| 104 | +[Telegram group][telegram] should not be treated as official news from Cosmos. |
| 105 | + |
| 106 | +If you have doubt or confusion about what next steps to take and are unsure |
| 107 | +about trustworthy sources of information, do nothing for the initial period and |
| 108 | +wait for an update via the three communication channels listed above. Do not |
| 109 | +ever provide your 12 words to any admin, websites or unofficial software. |
| 110 | + |
| 111 | +**We will never ask you for your private key or your seed phrase.** |
| 112 | + |
| 113 | +## Staying Safe (and Secure!) for Mainnet Launch |
| 114 | + |
| 115 | +The launch of any public blockchain is an incredibly exciting time, and it’s |
| 116 | +definitely one that malicious actors may try to take advantage of for their own |
| 117 | +personal gain. [Social engineering][social] has existed for about as long as |
| 118 | +human beings have been on the planet, and in the technical era, it usually |
| 119 | +takes in the form of [phishing] or [spearphishing]. Both of these attacks are |
| 120 | +wildly successful forms of trickery that are responsible for over 95% of |
| 121 | +account security breaches, and they don’t just happen via email: these days, |
| 122 | +opportunistic and targeted phishing attempts take place [anywhere that you have |
| 123 | +an inbox][inbox]. It doesn’t matter if you’re using Signal, Telegram, SMS, |
| 124 | +Twitter, or just checking your DMs on forums or social networks, attackers have |
| 125 | +a [plethora of opportunities][opportunities] to gain foothold in your digital |
| 126 | +life in effort to separate you from valuable information and assets that you |
| 127 | +most definitely don’t want to lose. |
| 128 | + |
| 129 | +While the prospect of having to deal with a malicious actor plotting against |
| 130 | +you may seem daunting, there are many things that you can do to protect |
| 131 | +yourself from all kinds of social engineering schemes. In terms of preparing |
| 132 | +for mainnet launch, this should require training your instincts to successfully |
| 133 | +detect and avoid security risks, curating resources to serve as a source of |
| 134 | +truth for verifying information, and going through a few technical steps to |
| 135 | +reduce or eliminate the risk of key or credential theft. |
| 136 | + |
| 137 | +**Here are few rules of engagement to keep in mind when you’re preparing for |
| 138 | +Cosmos mainnet launch:** |
| 139 | + |
| 140 | +- Download software directly from official sources, and make sure that you’re |
| 141 | + always using the latest, most secure version of gaiacli when you’re doing |
| 142 | + anything that involves your 12 words. The latest versions of Tendermint, the |
| 143 | + Cosmos-SDK, and gaiacli will always be available from our official GitHub |
| 144 | + repositories, and downloading them from there ensures that you will not be |
| 145 | + tricked into using a maliciously modified version of software. |
| 146 | + |
| 147 | +- Do not share your 12 words with anyone. The only person who should ever need |
| 148 | + to know them is you. This is especially important if you’re ever approached |
| 149 | + by someone attempting to offer custodial services for your Atom: to avoid |
| 150 | + losing control of your tokens, you should store them offline to minimize the |
| 151 | + risk of theft and have a strong backup strategy in place. And never, ever |
| 152 | + share them with anyone else. |
| 153 | + |
| 154 | +- Be skeptical of unexpected attachments or emails that ask you to visit a |
| 155 | + suspicious or unfamiliar website in the context of blockchains or |
| 156 | + cryptocurrency. An attacker may attempt to lure you to a [compromised site] |
| 157 | + designed to steal sensitive information from your computer. If you’re a Gmail |
| 158 | + user, test your resilience against the latest email-based phishing tactics |
| 159 | + [here][quiz]. |
| 160 | + |
| 161 | +- Do your due diligence before purchasing Atoms. Atoms will not be transferable |
| 162 | + at launch, so they *cannot* be bought or sold until a hard fork enables them |
| 163 | + to be. If and when they become transferable, make sure that you’ve researched |
| 164 | + the seller or exchange to confirm that the Atoms are coming from a |
| 165 | + trustworthy source. |
| 166 | + |
| 167 | +- Neither the Tendermint team nor the Interchain Foundation will be selling |
| 168 | + Atoms, so if you see social media posts or emails advertising a token sale |
| 169 | + from us, they’re not real and should be avoided. Enable 2-factor |
| 170 | + authentication, and be mindful of recovery methods used to regain access to |
| 171 | + your most important accounts. Unprotected accounts like email, social media, |
| 172 | + your GitHub account, the Cosmos Forum and anything in between could give an |
| 173 | + attacker opportunities to gain foothold in your online life. If you haven’t |
| 174 | + done so yet, start using an authenticator app or a hardware key immediately |
| 175 | + wherever you manage your tokens. This is a simple, effective, and proven way |
| 176 | + to reduce the risk of account theft. |
| 177 | + |
| 178 | +- Be skeptical of technical advice, especially advice that comes from people |
| 179 | + you do not know in forums and on group chat channels. Familiarize yourself |
| 180 | + with important commands, especially those that will help you carry out |
| 181 | + high-risk actions, and consult our official documentation to make sure that |
| 182 | + you’re not being tricked into doing something that will harm you or your |
| 183 | + validator. And remember that the Cosmos forum, Riot channels, and Telegram |
| 184 | + are not sources of official information or news about Cosmos. |
| 185 | + |
| 186 | +- Verify transactions before hitting send. Yes, those address strings are long, |
| 187 | + but visually comparing them in blocks of 4 characters at a time may be the |
| 188 | + difference between sending them to the right place or sending them into |
| 189 | + oblivion. |
| 190 | + |
| 191 | +*If a deal pops up that [sounds too good to be true][good], or a message shows |
| 192 | +up asking for information that should never, ever be shared with someone else, |
| 193 | +you can always work to verify it before engaging with it by navigating to a |
| 194 | +website or official Cosmos communication channel on your own. No one from |
| 195 | +Cosmos, the Tendermint team or the Interchain Foundation will ever send an |
| 196 | +email that asks for you to share any kind of account credentials or your 12 |
| 197 | +words with us, and we will always use our official blog, Twitter and GitHub |
| 198 | +accounts to communicate important news directly to the Cosmos community.* |
| 199 | + |
| 200 | +[whitepaper]: https://cosmos.network/resources/whitepaper |
| 201 | +[fundraiser]: https://fundraiser.cosmos.network/ |
| 202 | +[releases]: https://github.com/cosmos/cosmos-sdk/releases |
| 203 | +[cosmos]: https://cosmos.network/launch |
| 204 | +[social]: https://en.wikipedia.org/wiki/Social_engineering_%28security%29 |
| 205 | +[phishing]: https://ssd.eff.org/en/module/how-avoid-phishing-attacks |
| 206 | +[spearphishing]: https://en.wikipedia.org/wiki/Phishing#Spear_phishing |
| 207 | +[inbox]: https://www.umass.edu/it/security/phishing-fraudulent-emails-text-messages-phone-calls |
| 208 | +[opportunities]: https://jia.sipa.columbia.edu/weaponization-social-media-spear-phishing-and-cyberattacks-democracy |
| 209 | +[cli]: https://github.com/cosmos/cosmos-sdk/blob/develop/docs/gaia/delegator-guide-cli.md |
| 210 | +[webinar]: https://register.gotowebinar.com/register/5028753165739687691 |
| 211 | +[terms]: https://github.com/cosmos/cosmos/blob/master/fundraiser/Interchain%20Cosmos%20Contribution%20Terms%20-%20FINAL.pdf |
| 212 | +[apache]: https://www.apache.org/licenses/LICENSE-2.0 |
| 213 | +[gos]: https://blog.cosmos.network/announcing-incentivized-testnet-game-efe64e0956f6 |
| 214 | +[scoring]: https://github.com/cosmos/game-of-stakes/blob/master/README.md#scoring |
| 215 | +[file]: https://forum.cosmos.network/t/genesis-files-network-starts-vs-upgrades/1464 |
| 216 | +[forum]: https://forum.cosmos.network/ |
| 217 | +[riot]: https://riot.im/app/#/group/+cosmos:matrix.org |
| 218 | +[telegram]: http://t.me/cosmosproject |
| 219 | +[good]: https://www.psychologytoday.com/us/blog/mind-in-the-machine/201712/how-fear-is-being-used-manipulate-cryptocurrency-markets |
| 220 | +[rc]: https://github.com/cosmos/cosmos-sdk/projects/27 |
| 221 | +[compromised site]: https://blog.malwarebytes.com/cybercrime/2013/02/tools-of-the-trade-exploit-kits/ |
| 222 | +[quiz]: https://phishingquiz.withgoogle.com/ |
0 commit comments