The risks of farming on Chia nft plots

Well, syncing my wallet on the freshly installed client finished so I started playing around.

First results are this:
(I’ll distinguish between actions/observations on the ‘legit’ client, also holding the plots, and the ‘bad actor’ client holding nothing but the keys.)

On the bad actor client after syncing the wallet my Plot NFT showed up as expected, pointing to my usual pool.

After Change Pool on the bad actor client to a new pool, the status changed to pending.

A few moments later the Plot NFT status at my legit client changed to invalid, and my original pool started reporting invalid partials received.

Around 30 minutes later both clients (!) changed status to pooling, to the new pool.

Config.yaml at the legit client (!) also reflected the change of pool.
(I suspect there is a frequent handshake between the client and the Plot NFT on the blockchain to update bidirectionally)

Changing pool payout address on the bad actor client changed its local config.yaml to reflect the new address.
The legit client does not reflect the new payout address either in GUI or in config.yaml.
The new pool registered the new pool pay out address.
It seems changing the pool pay-out address is an action only on the client at hand and unidirectional to the pool.
-EDIT- Later on I tried exiting the legit client GUI and restarting it. This ‘reset’ the pay-out address at the new pool to the original ‘legit’ pay-out address. So as part of start-up the pay-out address in the local config.yaml is sent to the pool designated by the Plot NFT singleton.
Quit and restarted the GUI at the bad actor client next to confirm and it did, pool reported the bad actor’s pay-out address again.
(Earlier I just tried chia stop farmer and chia start farmer from CLI but did not observe the ‘reset’ effect.)

-EDIT- I have not yet received any payouts from the new pool but I’m pretty sure it will be at the new payout address set by the bad actor client. I’ll stay on the new pool (SpaceFarmer.io) for some time to make sure pay-outs go to the address known to the pool at the moment of pay-out.

So what does the legit owner perceive from the bad actor’s play?
A changed pool address in the Pool section of the GUI, or in the pool section of config.yaml.
No more payouts from either pool (old or new) if the bad actor changed the pay-out address at the bad actor client.

What does the old pool perceive?
A couple of invalid partials and then no more partials at all.
Depending on tooling and settings on that pool it may notify the user if a user profile is set.

All in all, stolen keys pose an extra threat for nft plots, a bad actor with your keys can keep messing endlessly with your pool settings through the Plot NFT and steal payouts. Nothing a cold wallet can prevent.

Next I’ll revert to my original pool from the legit client and after that change the Plot NFT to self-pooling. See what the bad actor can do with that…

Other suggestions/ideas?

3 Likes
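
Added example (not part of the original post, and not Chia project code): a check a farmer could run on the legit machine to alert when the pool recorded for a Plot NFT in config.yaml no longer matches a pinned baseline, which is the one local signal the post observed. It assumes the pool section holds a `pool_list` whose entries carry `launcher_id`, `pool_url` and `payout_instructions`; the minimal line parser and all sample values are constructed for illustration.

```python
# Assumed layout of the pool section of config.yaml; all values are constructed.
BASELINE = """\
pool:
  pool_list:
  - launcher_id: '0xaaaa'
    payout_instructions: legit-payout-puzzle-hash
    pool_url: https://old-pool.example
  xch_target_address: xch1constructed
"""
# The same file after another holder of the keys switched the Plot NFT's pool.
CURRENT = BASELINE.replace("old-pool", "new-pool")
WATCHED = ("pool_url", "payout_instructions")

def parse_pool_list(text):
    """Return {launcher_id: {key: value}} for the entries under pool_list."""
    entries, entry, base = {}, None, None
    for line in text.splitlines():
        body = line.strip()
        indent = len(line) - len(line.lstrip())
        if base is None:  # still looking for the pool_list key
            if body == "pool_list:":
                base = indent
            continue
        if not body or body.startswith("#"):
            continue
        is_item = body.startswith("- ")
        if not is_item and indent <= base:
            break  # a sibling key such as xch_target_address ends the list
        if is_item:
            entry, body = {}, body[2:]
        if entry is None:
            continue
        key, _, value = body.partition(":")
        entry[key.strip()] = value.strip().strip("'\"")
        if key.strip() == "launcher_id":
            entries[entry["launcher_id"]] = entry
    return entries

def detect_drift(baseline_text, current_text):
    """List (launcher_id, key, pinned, seen) for each watched key that changed."""
    pinned_all, seen_all = parse_pool_list(baseline_text), parse_pool_list(current_text)
    alerts = []
    for lid, pinned in pinned_all.items():
        seen = seen_all.get(lid, {})
        alerts += [(lid, k, pinned.get(k), seen.get(k)) for k in WATCHED if pinned.get(k) != seen.get(k)]
    return alerts

if __name__ == "__main__":
    for alert in detect_drift(BASELINE, CURRENT):
        print("ALERT Plot NFT %s: %s changed from %r to %r" % alert)
```

Because the post found that a payout address changed elsewhere does not show up in the legit client's config.yaml, this check only covers the pool switch; the payout address registered at the pool has to be verified at the pool itself.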