It has come to light that the code for Cosmos Hub’s Liquid Staking Module (LSM) was largely developed by North Korean agents. This information, revealed by All in Bits (AiB), has raised security concerns within the community.
History of LSM Development
The development of the LSM began in August 2021, led by the Interchain Foundation and with significant contributions from Iqlusion and Zaki Manian. Later stages saw collaboration with Stride Labs, Binary Builders, and Informal Systems for integration into Gaia. However, a pivotal role was played by two North Korean developers, Jun Kai and Sarawut Sanit, who contributed much of the code.
Flaws in the LSM Design
The LSM's design has a critical flaw that allows participants to evade slashing penalties, posing a risk to the entire staking ecosystem. An audit by Oak Security highlighted these vulnerabilities, yet the Iqlusion team continued to promote the LSM as complete, misleading the community about the real risks.
Call for Action
In light of these revelations, AiB has called for immediate action. They argue that the Interchain Foundation should conduct a comprehensive security audit of the LSM and develop stringent auditing requirements. This includes creating a blacklist of individuals promoting insecure protocols and establishing oversight protocols to ensure the safety of new implementations.
The future security of the Cosmos ecosystem depends on openly addressing and resolving the highlighted threats. The community deserves a secure network, free from hidden risks.