A significant portion of the Liquid Staking Module (LSM) code for Cosmos Hub was reportedly written by North Korean agents, raising concerns within the Cosmos community.
History of LSM Development
The development of the LSM began in August 2021, initiated by the Interchain Foundation and spearheaded by Iqlusion, a pivotal player in the Cosmos ecosystem. The project later collaborated with Stride Labs, Binary Builders, and Informal Systems to integrate the module into Gaia. However, the critical roles played by North Korean developers, such as Jun Kai and Sarawut Sanit, have come under scrutiny.
Flaws in LSM Design
The design of the LSM includes a critical flaw that allows participants to evade penalties, posing a risk to the entire staking ecosystem. An audit by Oak Security highlighted these vulnerabilities, yet the LSM was promoted as a completed project, misleading the community about the real risks involved.
Call for Action
In light of these revelations, All in Bits calls for immediate action. A thorough audit of the LSM is essential to assess its security and integrity. It is suggested that the ICF create a blacklist of individuals and entities involved in promoting insecure protocols, starting with Zaki Manian and Iqlusion, as well as to establish stringent audit requirements for any code supported by the ICF.
The future security of the Cosmos ecosystem relies on addressing these issues openly. The community deserves a secure network free from hidden threats.