Last updated:
Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
Why Trust Cryptonews
Concerns over the security of the Cosmos Hub’s Liquid Staking Module (LSM) have intensified following revelations that North Korean developers were allegedly involved in its creation.
A detailed report by blockchain development firm All in Bits (AiB) unveiled a series of critical missteps, potential security risks, and severe lapses in transparency by those leading the LSM’s development.
The allegations center on Zaki Manian, a prominent figure in the Cosmos community and head of Iqlusion, who reportedly became aware of North Korean involvement in the LSM’s development as early as March 2023.
Cosmos Hub’s Liquid Staking in the Hands of North Korea?
The LSM’s development began in August 2021. It was led by Iqlusion and supported by other players in the Cosmos ecosystem, such as Stride Labs and Informal Systems.
The LSM was designed to enhance liquidity for staked ATOM tokens, allowing users to convert them into liquid staked assets.
However, AiB’s investigation has revealed that North Korean developers wrote a substantial portion of the LSM’s code.
In July 2022, Oak Security audited the LSM and uncovered severe vulnerabilities, including mechanisms that would allow stakers to evade slashing penalties—a fundamental aspect of ensuring the security of proof-of-stake blockchains.
Rather than addressing these concerns with independent experts, Zaki Manian and Iqlusion reportedly tasked the same North Korean developers with fixing the code’s vulnerabilities.
This compromised the remediation process and exposed the system to further risks, as the developers who potentially introduced the vulnerabilities were now responsible for fixing them.
In March 2023, the FBI informed Zaki Manian of the North Korean developers’ involvement. Despite this critical information, Manian did not alert the Cosmos community.
Instead, in April 2023, he pushed for a Signaling Proposal to integrate the LSM into the Cosmos Hub, claiming the module was “ready for deployment.”
This occurred while significant security vulnerabilities remained unresolved. By September 2023, the LSM was integrated into the Hub, with 19 months of unaudited code changes, potentially putting all staked ATOM tokens at risk.
Cosmos Co-founder Jae Kwon Calls for Accountability
The revelations have triggered widespread concern within the Cosmos community, with many questioning the decision-making process and the lack of transparency surrounding the LSM’s development.
AiB’s report has recommended several measures, including an immediate audit of the LSM, stricter security protocols for future code contributions, and greater transparency from the Interchain Foundation (ICF), which funded the LSM’s development.
Similarly, Cosmos co-founder Jae Kwon has also weighed in on the controversy. He expressed grave concerns over the security of the LSM and the role played by Iqlusion and Zaki Manian.
In a statement, Kwon highlighted the serious risks posed by the involvement of North Korean developers and criticized Manian for his lack of transparency.
Kwon said:
“For sixteen months, the LSM was developed by individuals linked to North Korea, and their contributions were integrated into the Cosmos Hub without proper security vetting.”
He accused Manian of “gross negligence” and called for immediate action to address the vulnerabilities and hold those responsible accountable.
Kwon further emphasized the need for a comprehensive audit of the LSM, arguing that the module’s design flaws could compromise the security of all staked ATOM tokens.
As the LSM is not a standalone module but a series of modifications to the existing staking infrastructure, any vulnerability within it could have far-reaching consequences for the entire Cosmos network.
Kwon also urged the Cosmos governance community to implement stricter auditing requirements and oversight protocols for future developments.
