Cover photo

Protecting the Decentralized Edge with PGDN

Most people assume validator infrastructure is secure by default. The (potential) future of banking should be secure right?

With all the recent crypto breaches, we assumed things would be protected. What we actually found was quite a shock.

PGDN is an AI-powered platform built to protect the decentralized edge, not by reacting to threats, but by proactively surfacing the weak points that make them possible.

PGDN is an agentic detection system: a purpose-built infrastructure intelligence layer that autonomously identifies, monitors, and scores validator nodes, RPC endpoints, and exposed components across decentralized networks.

The results are normalized, scored, and published as a permanent, verifiable audit trail - on-chain.


Everyone’s Auditing Apps — No One’s Watching the Infrastructure

In Web3, billions are poured into smart contract audits, formal verification, and protocol-level bug bounties. And yet:

  • The nodes running those contracts are often unpatched

  • Their RPCs are publicly exposed

  • Their dashboards and ports are wide open

  • Their infrastructure hygiene is untested, unaudited, and untracked

The external attack surface is growing — and no one’s looking.

That’s the gap PGDN exists to close.

In another article, we’ll cover the moment a security engineer from a major network sends us an outdated internal ddos audit, shortly after we sent him a report of a critical vulnerability on an external port.


Why We Scan Validators

Because they’re the actual entry points for attackers.

Smart contracts might hold the funds, but validators hold the keys to uptime, censorship, consensus, and exposure. If a validator goes down — or worse, is compromised — the entire network can be weakened or manipulated.

Here’s what we regularly find:

  • RPC nodes running vulnerable versions

  • Prometheus dashboards with no auth

  • Default passwords still active

  • BFT ports exposed globally

  • Misconfigured TLS or proxies

In any other industry, this would trigger an incident response. In crypto, it’s often invisible.


Our Approach

PGDN doesn’t guess. We verify.

  • ✅ We only scan publicly routable infrastructure

  • ✅ We do not brute-force or exploit anything

  • ✅ We fingerprint passively and match known CVEs

  • ✅ We normalize, score, and publish findings on-chain

Every scan produces a validator trust score, traceable back to the original data — hashed and timestamped for full accountability.


We're Not Just Scanning - We're Setting the Standard

This isn’t about attacking networks. It’s about making them stronger.

We’re building a living, on-chain reputation layer for validator infrastructure one that protocols can rely on, and node operators can prove against.

Because decentralization without visibility is just security by assumption.


Coming Next

In Part 2, we scan the Sui.io mainnet and find that over 20% of validators expose critical misconfigurations.

Some of them are shockingly easy to fix. None of them should have existed.


PGDN - protecting the decentralized edge (and sometimes that means seeing what others choose not to).