WEB3

Cosmos Hub's Liquid Staking Code Faces Security Risks With North Korean Links

by Soumen DattaOctober 16, 2024
chainDespite warnings from Oak Security about the risks of slashing evasion, the module was reportedly promoted as secure and ready for integration into the Cosmos Hub.

Most of the code for the Cosmos Hub's Liquid Staking Module (LSM) was developed by North Korean agents, according to , a prominent contributor in the Cosmos ecosystem.

The LSM's development reportedly began in August 2021, initiated by the Interchain Foundation (ICF) and spearheaded by Iqlusion, a key player in the Cosmos ecosystem and Zaki Manian. 

 

The project later saw collaboration with Stride Labs, Binary Builders, and Informal Systems to integrate the LSM into Gaia. However, the pivotal role played by two North Korean developers, Jun Kai and Sarawut Sanit, who contributed a majority of the code, has come under scrutiny.

Key Events:

  • June 2021: The ICF announced funding for ongoing work on Gaia and staking derivatives.

  • August 2021: Development of the LSM commenced, with significant contributions from North Korean developers.

  • July 2022: An audit by Oak Security flagged critical vulnerabilities in the LSM, particularly regarding slashing evasion.

  • March 2023: The FBI contacted Zaki Manian, revealing the North Korean links to the developers. However, this information was reportedly not disclosed to the Cosmos community.

  • April 2023: Zaki promoted the LSM as “finished,” ignoring ongoing security concerns, per reports.

Flaws in the LSM Design

The LSM’s design includes a critical flaw that allows participants to evade slashing penalties, posing a risk to the entire staking ecosystem. The Oak Security audit highlighted these vulnerabilities, yet Zaki and Iqlusion promoted the LSM as complete, creating a false sense of security.

 

This fundamental issue contradicts the principles of proof-of-stake systems, where slashing is essential for maintaining network integrity. By framing this flaw as an intentional design feature, they allegedly misled the Cosmos community about the real risks associated with the LSM.

Call for Action

 

In light of these revelations, AiB called for immediate action. A comprehensive audit of the LSM is essential to assess its security and integrity. According to AiB, the Interchain Foundation should:

  • Create a blacklist of individuals and entities involved in promoting insecure protocols, starting with Zaki Manian and Iqlusion.

  • Establish stringent audit requirements for any code development supported by the ICF.

  • Develop oversight protocols to ensure thorough safety assessments before new implementations are proposed.

  • The future security of the Cosmos ecosystem depends on addressing these issues openly and transparently. The community deserves a secure network, free from hidden risks.

DisclaimerDisclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Author
Soumen DattaSoumen is an experienced writer in cryptocurrencies, DeFi, NFTs, and GameFi. He has been analyzing the space for the last several years and believes there is a lot of potential with blockchain technology, even though we are still at an early stage. In his spare time, Soumen enjoys playing his guitar and singing along. Soumen holds bags in BTC, ETH, BNB, MATIC, and ADA.

Related News

; 카지노사이트 카지노사이트 바카라사이트