“`html
Concerns surrounding the security of the Cosmos Hub’s Liquid Staking Module (LSM) have surged following disturbing allegations of North Korean developer involvement in its creation. A comprehensive investigation conducted by All in Bits (AiB) has laid bare a multitude of serious errors, potential security threats, and notable deficiencies in transparency regarding the LSM’s development.
Key Allegations Against Cosmos Hub’s Liquid Staking Module
The situation reportedly centers on Zaki Manian, an influential figure in the Cosmos community and the head of Iqlusion. Manian allegedly became aware of the North Korean developers’ participation in the LSM’s creation as early as March 2023. This alarming revelation raises urgent questions about the decision-making processes employed during the module’s development.
Timeline of Events Surrounding the LSM Development
The LSM’s development commenced in August 2021, spearheaded by Iqlusion with contributions from other prominent entities within the Cosmos ecosystem, such as Stride Labs and Informal Systems. The module was intended to provide enhanced liquidity for staked ATOM tokens by allowing users to convert these tokens into liquid staked assets. However, AiB’s findings indicate that a significant portion of the LSM’s code was drafted by North Korean developers, which poses unprecedented risks to the Cosmos network.
In July 2022, an audit by Oak Security uncovered critical vulnerabilities in the LSM, notably systems that could enable stakers to circumvent slashing penalties—an integral safety mechanism in proof-of-stake blockchains. Instead of seeking the expertise of impartial external professionals to address these significant flaws, Zaki Manian and Iqlusion allegedly employed the same North Korean developers to rectify the issues. This approach has raised alarms about the integrity of the remediation process, as those potentially responsible for introducing the flaws were now tasked with fixing them.
Failure to Communicate Critical Information
By March 2023, the FBI alerted Zaki Manian about the North Korean developers’ involvement. However, instead of informing the Cosmos community about this critical information, Manian continued to advocate for a Signaling Proposal in April 2023 aimed at integrating the LSM into the Cosmos Hub. He asserted that the module was “ready for deployment” even while significant security vulnerabilities lingered unresolved. Ultimately, by September 2023, the LSM was introduced into the Hub, despite 19 months of modifications to unaudited code, placing all staked ATOM tokens at dire risk.
Calls for Accountability and Reform
The alarming findings have sparked widespread apprehension within the Cosmos community, with many members expressing skepticism regarding the decision-making and transparency that characterized the LSM’s development. In response, AiB has recommended several measures, including an immediate and comprehensive audit of the LSM, tighter security protocols for future code contributions, and enhanced transparency from the Interchain Foundation (ICF), the entity that funded the LSM’s development.
Cosmos co-founder Jae Kwon has also publicly addressed the unfolding controversy, voicing serious concerns about the LSM’s security and the roles played by Iqlusion and Zaki Manian. Kwon criticized Manian for his lack of transparency and labeled the North Korean involvement as a significant risk factor. He pointed out that the LSM was developed for sixteen months by individuals associated with North Korea, stating that their contributions were incorporated into the Cosmos Hub without adequate security evaluation.
Urgency for a Comprehensive Audit
Kwon has called for immediate action to remedy the vulnerabilities and ensure accountability for those involved. He underscored the necessity for a thorough audit of the LSM, stressing that the module’s design faults could endanger the security of all staked ATOM tokens. Since the LSM is not an independent module but rather a series of modifications to the existing staking infrastructure, any identified vulnerabilities could potentially have catastrophic implications for the entire Cosmos network. Kwon further urged the Cosmos governance community to establish stricter auditing standards and oversight protocols for any future developments to safeguard against such risks.
“`