Concerns regarding the security of Cosmos Hub’s Liquid Staking Module have intensified after North Korean agents allegedly played a significant role in the module’s development.
Blockchain development firm All in Bits has issued a stern warning to the Cosmos community about the integrity of its Liquidity Staking Module, a solution that allows validators to convert staked ATOM tokens into liquid staked ATOM tokens.
URGENT ALERT: AiB has revealed the cause of serious security concerns regarding Cosmos Hub’s Liquid Staking Module (LSM).
Timeline:
* August 2021: Development of LSM begins, led by Iqlusion and Zaki Manian
* July 2022: Oak Security audit reveals critical vulnerabilities; North Korean developers…
— All in Bits (@Allinbits_inc) October 15, 2024
All in Bits warned in an October 16
The timeline of events highlights critical oversights during the development of the LSM. An audit by Oak Security in July 2022 found serious vulnerabilities, including mechanisms that allowed stakers to evade steep penalties. Worryingly, All in Bits added that the same North Korean developers were tasked with fixing these issues, suggesting that the integrity of the improvement process was compromised.
A year later, the FBI warned Zaki Manian, a leading figure in the development of LSM, about North Korea’s involvement. All in Bits added: “Despite notification from the FBI, Zaki is promoting the LSM as ‘done’ without explanation to the Cosmos Hub community” and is chain-challenging the LSM Signaling Proposal.”
“This breach undermines the security and integrity of Cosmos Hub. AtomOne remains committed to these principles.”
All in Bits
Analysts at the blockchain development firm called for immediate action from the Cosmos management community, including a comprehensive audit of the LSM and the establishment of tighter security protocols for future code contributions.
LSM’s increased scrutiny comes amid growing FBI warnings about North Korean hackers aggressively targeting employees in the crypto and decentralized finance industries. According to the bureau, cybercriminals are using sophisticated social engineering tactics designed to deceive even the most technically proficient individuals, highlighting the critical need for robust security measures in the blockchain space.
Bitcoin 
Ethereum 
Tether 
Solana 
BNB 
XRP 
Dogecoin 
USDC 
Lido Staked Ether 
Cardano 
TRON 
Avalanche 
Shiba Inu 
Wrapped stETH 
Wrapped Bitcoin 
Toncoin 
Sui 
WETH 
Bitcoin Cash 
Chainlink 
Pepe 
Polkadot 
LEO Token 
Stellar 
NEAR Protocol 
Litecoin 
Aptos 
Wrapped eETH 
Uniswap 
USDS 
Cronos 
Hedera 
Internet Computer 
Ethereum Classic 
Bonk 
Bittensor 
Kaspa 
Render 
Ethena USDe 
POL (ex-MATIC) 
WhiteBIT Coin 
Dai 
MANTRA 
Artificial Superintelligence Alliance 
Arbitrum 
dogwifhat 
Monero 
Stacks 
OKB 
Filecoin