Cosmos Hub’s Liquid Staking Module under scrutiny following DPRK ties

Concerns over the security of Cosmos Hub’s Liquid Staking Module have intensified following revelations that North Korean agents allegedly played a key role in its development.

Blockchain development firm All in Bits has issued a stark warning to the Cosmos community regarding the integrity of its Liquidity Staking Module, a solution that allowed for (ATOM) staked with validators to convert into liquid staked ATOM tokens.

In an X post on Oct. 16, All in Bits warned that contributions from developers allegedly linked to North Korea were made at the very beginning of the LSM’s development, raising alarms about potential vulnerabilities embedded in the system.

A timeline of events highlights critical oversights during the LSM’s development. In July 2022, an audit by Oak Security identified severe vulnerabilities, including mechanisms allowing stakers to evade slashing penalties. Alarmingly, the same North Korean developers were tasked with addressing these issues, All in Bits added, arguing compromised the integrity of the remediation process.

A year later, the FBI warned Zaki Manian, a lead figure in the LSM’s development, about DPRK’s involvement, All in Bits said, adding that “despite notification from FBI, Zaki promotes LSM as ‘finished’ and without disclosure to the Cosmos Hub community and pushes the LSM Signaling Proposal on chain.”

“This breach undermines Cosmos Hub’s security and integrity. AtomOne remains committed to these principles.”

All in Bits

Analysts at the blockchain development firm called for immediate action from the Cosmos governance community, including a comprehensive audit of the LSM and the establishment of stricter security protocols for future code contributions.

The heightened scrutiny of the LSM comes against a backdrop of increasing alerts from the FBI regarding North Korean hackers aggressively targeting employees in the crypto and decentralized finance sectors. Per the bureau, cybercriminals utilize sophisticated social engineering tactics designed to deceive even the most technically proficient individuals, emphasizing the critical need for robust security measures in the blockchain space.