Cosmos developers are urgently working to remove the Liquid Staking Module (LSM) from the Cosmos Hub after discovering that it was developed in part by North Korean actors, raising serious security concerns. The LSM, which was created by leading developers Iqlusion and Zaki Manian, is an extension of existing staking modules within the Cosmos ecosystem. However, a critical flaw in the LSM design allows users to avoid slashing penalties, putting all staked ATOM tokens at risk.
Reports indicate that Zaki Manian was aware of the North Korean developers’ involvement in the LSM as early as March 2023 but failed to disclose this information to the Cosmos community. AiB, the blockchain development company issuing the emergency alert, accused Manian and Iqlusion of lacking transparency and not thoroughly reviewing the contributions from the North Korean actors before promoting the module for integration with the Cosmos Hub. The news of the North Korean link has negatively impacted the network’s token price, which fell by over 2.5% in the last 24 hours to $4.44.
In response to the security vulnerabilities and the North Korean connection, Cosmos developer Jacob Gadikian announced plans to remove the LSM from the Cosmos Hub. Gadikian confirmed that specific branches of the Cosmos SDK repository containing contributions from North Korean individuals linked to money laundering and developed under false identities need to be removed or clearly marked with warnings. The developers are also calling for a thorough audit of the LSM to disclose the full extent of North Korean involvement and may blacklist specific individuals and entities, including Zaki Manian and Iqlusion.
Overall, the Cosmos community is taking proactive steps to address the security risks associated with the LSM and ensure the safety of staked tokens within the ecosystem. By removing the module and conducting a comprehensive audit, the developers are working towards restoring trust and transparency in the Cosmos network. Moving forward, it will be crucial for all stakeholders to prioritize security and diligence in order to safeguard the integrity of the platform and protect user assets from potential threats.
