Cosmos developers race to dismantle North Korea-linked staking module amid security fears
Cosmos developers plan to include a "bold face warning" about the module on the network's repository.
Cosmos developers are taking action to remove the Liquid Staking Module (LSM) from the Cosmos Hub after revelations linked its creation to North Korean agents.
Earlier today, blockchain development company All in Bits (AiB) issued an emergency alert, highlighting significant security vulnerabilities within the LSM.
Notably, news of the North Korean developers’ link to the project has negatively impacted the network’s token price, which fell by more than 2.5% in the last 24 hours to $4.44 as of press time.
North Korea links
According to AiB, a substantial portion of the LSM was developed by North Korean actors, raising critical concerns for the security of the Cosmos ecosystem.
The company clarified that the LSM is not a standalone feature but an extension built on existing Cosmos staking modules. This design means that any vulnerability in the LSM could impact the entire staking system, potentially putting all staked ATOM tokens at risk.
AiB further accused the leading developers of the LSM, Iqlusion and Zaki Manian, of lacking transparency. According to the company, the developers knew of the involvement of North Korean actors but chose not to disclose this information.
AiB claimed that Zaki Manian became aware of these connections in March 2023. The company also alleged that Manian knew the developers were under investigation by the FBI but failed to inform the Cosmos community. The company wrote:
“Despite possessing this crucial information, Zaki failed to conduct any further audits or a thorough review of the North Korean developers’ contributions before promoting the LSM for integration with the Cosmos Hub.”
In addition to the North Korean link, AiB raised concerns over a critical LSM design flaw. This flaw reportedly allows users to avoid future slashing penalties, transferring the risk to other stakers. Although the flaw was discovered during an audit, the developers did not address it, instead calling it an “intentional design goal.”
Cosmos developers react
In an Oct. 16 post on X (formerly Twitter), Cosmos developer Jacob Gadikian announced that the network’s developers have started tracking the steps required to remove the LSM from the Cosmos Hub.
Gadikian also confirmed that specific branches of the Cosmos SDK repository, identified by “-lsm” suffixes, contain contributions developed under false identities by North Korean individuals linked to money laundering.
He stated:
“The code in question should be entirely removed from the repository, or an extremely large, bold face warning should be put on the cosmos-sdk repository.”
Cosmos developers are now calling for a thorough audit of the LSM to disclose the full involvement of North Korean actors. The audit may also lead to the blacklisting of specific individuals and entities, including Zaki Manian, Iqlusion, and other key promoters of the module.