{"id":17826,"date":"2024-10-16T18:01:23","date_gmt":"2024-10-16T15:01:23","guid":{"rendered":"https:\/\/forklog.com\/en\/cosmos-developers-to-remove-north-korea-linked-staking-module\/"},"modified":"2024-10-16T18:01:23","modified_gmt":"2024-10-16T15:01:23","slug":"cosmos-developers-to-remove-north-korea-linked-staking-module","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/cosmos-developers-to-remove-north-korea-linked-staking-module\/","title":{"rendered":"Cosmos Developers to Remove North Korea-Linked Staking Module"},"content":{"rendered":"<p>The liquid staking module (LSM), developed with the involvement of North Korean programmers, will be removed from Cosmos Hub. The team is currently exploring possible ways to achieve this, according to developer Jacob Gadikian.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">North Korea loves it when they send their best to work on a codebase and those who should be protecting decide that an audit will be enough. <\/p>\n<p>An audit won&#8217;t be enough.<\/p>\n<p>I can&#8217;t believe I am seeing your org actually support the continued inclusion of the lsm in the cosmos hub\u2026 <a href=\"https:\/\/t.co\/YOtrftJQFB\">pic.twitter.com\/YOtrftJQFB<\/a><\/p>\n<p>\u2014 Jacob Gadikian ?x\u2697\ufe0f (@gadikian) <a href=\"https:\/\/twitter.com\/gadikian\/status\/1846383713032294810?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Recently, Cosmos co-founder Jae Kwon accused Iqlusion CEO Zaki Manian (developer of LSM) of negligence based on an <a href=\"https:\/\/github.com\/allinbits\/announcements\/blob\/main\/2024_10_15_lsmnk.md\">analysis<\/a> by All in Bits.\u00a0<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"forklog\/40283\" data-width=\"100%\"><\/script><\/p>\n<p>It was revealed that Manian concealed from the community that most of the code was written by North Korean programmers. He also failed to disclose this after the FBI identified them and warned the company.<\/p>\n<p>In 2022, Oak Security conducted a security audit of the solution commissioned by the Interchain Foundation (ICF) and identified critical vulnerabilities.<\/p>\n<p>In April 2023, the head of Iqlusion announced the completion of LSM, despite unresolved issues.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIt is important to note that LSM is not a standalone module, but rather a series of modifications and extensions built on top of existing Cosmos staking solutions. [\u2026] Therefore, any vulnerability in the Iqlusion product affecting these core components could potentially put all locked ATOM at risk,\u201d All in Bits specialists emphasized.<\/p>\n<\/blockquote>\n<p>They recommended:<\/p>\n<ul class=\"wp-block-list\">\n<li>fixing major bugs in LSM;<\/li>\n<li>conducting an immediate comprehensive security review;<\/li>\n<li>disclosing detailed information about the involvement of North Korean workers in the development;<\/li>\n<li>blacklisting all participants involved in creating the scandalous situation from the ICF.<\/li>\n<\/ul>\n<p>Gadikian disagreed, stating:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAn audit won&#8217;t be enough.\u201d<\/p>\n<\/blockquote>\n<p>According to him, there was a supply chain attack on the Cosmos Hub code, and North Korean hackers have already \u201cinfected\u201d several branches of the <span data-descr=\"software development kit\" class=\"old_tooltip\">SDK<\/span> repository.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cChecks and waiting won&#8217;t suffice to return to normalcy. This means purging the hub of code written by the largest cryptocurrency theft group,\u201d the programmer concluded.<\/p>\n<\/blockquote>\n<p>He also sarcastically presented new logos he created for Cosmos Hub and ICF.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"385\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD-1024x385.png\" alt=\"GZ-sM33b0AALiQD\" class=\"wp-image-243338\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD-1024x385.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD-300x113.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD-768x289.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD-1536x577.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/GZ-sM33b0AALiQD.png 2044w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: X.<\/figcaption><\/figure>\n<p>Gadikian noted that he contacted Kwon, who supported the decision to remove the module.<\/p>\n<p>According to UN experts, <a href=\"https:\/\/forklog.com\/en\/news\/un-cyberattacks-account-for-half-of-north-koreas-foreign-currency-income\">about half of North Korea&#8217;s foreign currency income<\/a> is obtained through cyberattacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The liquid staking module (LSM), developed with the involvement of North Korean programmers, will be removed from Cosmos Hub. The team is currently exploring possible ways to achieve this, according to developer Jacob Gadikian. North Korea loves it when they send their best to work on a codebase and those who should be protecting decide [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17825,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1173,1202],"class_list":["post-17826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cosmos-atom","tag-north-korea-dprk"],"aioseo_notices":[],"amp_enabled":true,"views":"37","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/17826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=17826"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/17826\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/17825"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=17826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=17826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=17826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}