Developers within the Cosmos ecosystem are initiating steps to eliminate the Liquid Staking Module (LSM) due to recent findings linking its development to North Korean agents.
Today, All in Bits (AiB), a prominent blockchain development firm, released an urgent alert concerning substantial security vulnerabilities associated with the LSM.
As a direct consequence of these revelations, the network’s token price has dropped over 2.5% in the past 24 hours, currently standing at $4.44.
Concerns Over North Korean Connections
According to AiB, a considerable proportion of the Liquid Staking Module was reportedly developed by individuals associated with North Korea. This raises serious concerns about the security and integrity of the Cosmos ecosystem.
AiB emphasized that the LSM is not an isolated component, but rather an augmentation of existing Cosmos staking modules. Therefore, vulnerabilities within the LSM could pose risks to the entire staking architecture, potentially endangering all staked ATOM tokens.
The firm accused leading LSM developers, Iqlusion and Zaki Manian, of demonstrating a lack of transparency regarding these links. They alleged that these developers were aware of North Korean involvement and chose not to disclose this critical information.
It was claimed that Zaki Manian first learned of these connections back in March 2023. Moreover, AiB alleged that Manian knew of an FBI investigation into the developers but did not inform the Cosmos community. They stated:
“Despite possessing this crucial information, Zaki failed to conduct any further audits or a thorough review of the North Korean developers’ contributions before promoting the LSM for integration with the Cosmos Hub.”
In addition to the North Korean ties, AiB raised alarms about a significant design flaw within the LSM. This flaw purportedly allows users to bypass future slashing penalties, subsequently transferring risks to other stakers. Despite being highlighted during an audit, developers did not rectify the issue, instead labeling it an “intentional design goal.”
Response from Cosmos Developers
In a post on X (formerly Twitter) dated October 16, Cosmos developer Jacob Gadikian revealed that the network’s developers are on the path to remove the LSM from the Cosmos Hub.
Gadikian also confirmed that specific branches of the Cosmos SDK repository marked with a “-lsm” suffix contain contributions from North Korean individuals linked to illicit money activities, developed under fraudulent identities.
He further stated:
“The code in question should be entirely removed from the repository, or an extremely large, bold face warning should be placed on the cosmos-sdk repository.”
The Cosmos developer community is currently advocating for a comprehensive audit of the LSM to fully disclose the extent of North Korean involvement. This audit could lead to the blacklisting of specific individuals and entities, including Zaki Manian, Iqlusion, and other key proponents of the module.
