The liquid staking module (LSM), developed with the involvement of North Korean programmers, will be removed from Cosmos Hub. The team is currently exploring possible ways to achieve this, according to developer Jacob Gadikian.
North Korea loves it when they send their best to work on a codebase and those who should be protecting decide that an audit will be enough.
An audit won’t be enough.
I can’t believe I am seeing your org actually support the continued inclusion of the lsm in the cosmos hub… pic.twitter.com/YOtrftJQFB
— Jacob Gadikian ?x⚗️ (@gadikian) October 16, 2024
Recently, Cosmos co-founder Jae Kwon accused Iqlusion CEO Zaki Manian, whose company developed LSM, of negligence, citing an analysis published by All in Bits (AiB), Kwon's own company.
According to that analysis, Manian concealed from the community that most of the LSM code had been written by North Korean programmers, and did not disclose this even after the FBI identified them and warned the company.
In 2022, Oak Security conducted a security audit of the module, commissioned by the Interchain Foundation (ICF), and identified critical vulnerabilities.
In April 2023, Manian announced that LSM was complete, even though issues from the audit remained unresolved.
“It is important to note that LSM is not a standalone module, but rather a series of modifications and extensions built on top of existing Cosmos staking solutions. […] Therefore, any vulnerability in the Iqlusion product affecting these core components could potentially put all locked ATOM at risk,” All in Bits specialists emphasized.
They recommended:
- fixing major bugs in LSM;
- conducting an immediate comprehensive security review;
- disclosing detailed information about the involvement of North Korean workers in the development;
- barring everyone involved in the affair from the ICF.
Gadikian disagreed, stating:
“An audit won’t be enough.”
In his view, this was a supply-chain attack on the Cosmos Hub codebase, and North Korean developers have already "infected" several branches of the Cosmos SDK repository.
“Checks and waiting won’t suffice to return to normalcy. This means purging the hub of code written by the largest cryptocurrency theft group,” the programmer concluded.
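Locating that code is the first step of the purge Gadikian describes, and a review confined to the main branch misses contributions that were merged only into side branches. The script below is an added example, not Cosmos Hub or Cosmos SDK tooling: it lists every commit by a set of suspect author e-mails across all refs of a repository, together with the branches that contain each commit and the files it touched. The repository it builds for the demonstration is constructed data; the names, e-mail addresses and file paths are hypothetical.

```shell
#!/bin/sh
# Added example (not Cosmos tooling): enumerate every commit by a list of
# suspect author e-mails across ALL refs of a repository, with the branches
# that contain each commit and the files it touched.
#
# Caveat: the author field is self-reported and trivially spoofed. Treat the
# output as a starting point and corroborate it with signed commits, the
# hosting platform's PR/review metadata and who actually pushed each ref.
set -eu

# suspect_commits REPO EMAIL [EMAIL...]
# Prints one line per matching commit: sha|author-email|branches|files
suspect_commits() {
    repo=$1
    shift
    for email in "$@"; do
        # --author is a regex matched against "Name <email>", so escape the
        # dots in the address; --all walks every branch and tag, not just HEAD.
        pattern=$(printf '%s' "$email" | sed 's/\./\\./g')
        git -C "$repo" log --all --author="$pattern" --format='%H|%ae' |
        while IFS='|' read -r sha ae; do
            files=$(git -C "$repo" show --format= --name-only "$sha" </dev/null |
                    sed '/^$/d' | tr '\n' ',' | sed 's/,$//')
            branches=$(git -C "$repo" branch --contains "$sha" \
                    --format='%(refname:short)' </dev/null |
                    sed '/^$/d' | tr '\n' ',' | sed 's/,$//')
            printf '%s|%s|%s|%s\n' "$sha" "$ae" "$branches" "$files"
        done
    done
}

# commit_as REPO NAME EMAIL FILE MESSAGE: helper for the constructed demo repo.
commit_as() {
    repo=$1; name=$2; email=$3; file=$4; msg=$5
    mkdir -p "$(dirname "$repo/$file")"
    printf '%s\n' "$msg" >>"$repo/$file"
    git -C "$repo" add "$file"
    GIT_AUTHOR_NAME="$name" GIT_AUTHOR_EMAIL="$email" \
    GIT_COMMITTER_NAME="$name" GIT_COMMITTER_EMAIL="$email" \
        git -C "$repo" -c commit.gpgsign=false commit -q -m "$msg"
}

# make_demo_repo: builds a throwaway repository (constructed data; names,
# e-mails and paths are hypothetical). The suspect author "mallory" has one
# commit on main and one only on a side branch; "alice" is an unrelated author.
# Prints the repository path.
make_demo_repo() {
    dir=$(mktemp -d)
    git init -q "$dir"
    git -C "$dir" symbolic-ref HEAD refs/heads/main
    commit_as "$dir" alice   alice@example.invalid   x/staking/keeper.go    'staking keeper'
    commit_as "$dir" mallory mallory@example.invalid x/staking/lsm.go       'add tokenize shares'
    git -C "$dir" checkout -q -b feature/lsm-fixes
    commit_as "$dir" mallory mallory@example.invalid x/staking/validator.go 'validator bond factor'
    commit_as "$dir" alice   alice@example.invalid   README.md              'docs'
    git -C "$dir" checkout -q main
    printf '%s\n' "$dir"
}

# Demo run on the constructed repository: only mallory's two commits are
# reported, and the side-branch-only commit is found despite main being checked out.
demo_repo=$(make_demo_repo)
suspect_commits "$demo_repo" mallory@example.invalid
rm -rf "$demo_repo"
```

The output is a list of commits to re-review or revert, not a verdict: a contributor can set any author name and e-mail, so the inverse error (suspect code committed under an innocent identity) is not caught by this check at all, and line-level attribution of the surviving code still has to be done with `git blame` on each listed file.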
He also sarcastically presented new logos he created for Cosmos Hub and ICF.
Gadikian noted that he contacted Kwon, who supported the decision to remove the module.
According to UN experts, about half of North Korea’s foreign currency income is obtained through cyberattacks.
