The developer of interconnected blockchain network Cosmos (ATOM) is warning that the Liquid Staking Module (LSM) of the Cosmos Hub poses serious security risks.
In a statement, Cosmos co-founder Jae Kwon says that when developer Zaki Manian began building the LSM in August 2021, Jun Kai and Sarawut Sanit, coders who were later linked to North Korea, wrote most of the module’s code.
Kwon says the same North Korean developers also fixed the vulnerabilities identified by an Oak Security audit in July 2022.
“This not only undermined the integrity of the remediation process but also gave the potential creators of the vulnerabilities the opportunity to either fix or obscure any intentional weakness they may have introduced, potentially exposing the system to further risks.”
Kwon says that in March 2023, the FBI informed Manian about the involvement of North Korea in the project, but instead of disclosing the information to the Cosmos community, Manian announced in April 2023 that the LSM was ready to be deployed and pushed the signaling proposal to integrate the LSM into the Cosmos Hub.
By September, the LSM was integrated into the Cosmos Hub with 19 months of unaudited code changes.
Kwon says the Cosmos governance community should take immediate action, warning that the security issues with the LSM could lead to serious consequences.
“It is important to note that the LSM is not a standalone module but rather a series of modifications and extensions built on top of the existing Cosmos staking modules… Consequently, any vulnerability in Iqlusion’s LSM that impacts these core modules could potentially put all staked ATOM at risk, as liquid staking interacts directly with staked assets.”
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney