Cosmos co-founder Jae Kwon highlighted concerns about the integrity and security of Cosmos Hub 
ATOM -2.03% 's liquid staking module in a post on Tuesday. It was revealed earlier that North Korean agents developed a significant part of the module.
“For sixteen months, the LSM was developed by individuals linked to North Korea, and their contributions were integrated into the Cosmos Hub without proper security vetting,” said Kwon, blaming the “gross negligence” of Cosmos validator hosting firm Iqlusion and its leader Zaki Manian.
Iqlusion and Manian started developing the LSM in August 2021 with Jun Kai and Sarawut Sanit. Later, Kwon claimed they were North Korean agents. Kwon claimed the two alleged agents contributed most of the code.
Despite knowing the involvement of North Korean agents since March 2023, as the Iqlusion leader admitted on social media, Manian hid the issue as well as other unresolved security issues until earlier this month, Kwon wrote in the post.
“Rather than taking proactive measures, such as conducting an additional audit or disclosing this issue to the Cosmos community, Zaki publicly asserted that the module was ‘ready to be deployed,’” Kwon stated. “Zaki’s lack of transparency and poor judgment represents a profound breach of the trust placed in Iqlusion by the Cosmos community,” he added.
While critical vulnerabilities in LSM were discovered in an audit in 2022, the same North Korean agents were responsible for fixing it, and Kwon alleged that the last code merge was the same. Meanwhile, Manian claimed he rewrote the LSM code, presumably before deployment, along with the staking firm Stride.
Kwon further alleged that as LSM is not a “standalone” module but a collection of modifications and extensions built on top of the existing Cosmos staking modules, such vulnerabilities hold critical risks to potentially all staked Cosmos’ ATOM tokens.
He called for the Cosmos governance community to immediately conduct a comprehensive audit of the LSM. He urged the Interchain Foundation to implement stricter auditing requirements and develop an oversight protocol to ensure safety in new Cosmos implementations.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
