North Korean Developers Played Pivotal Role in Building Cosmos' Liquid Staking Module, Raising Security Concerns

The LSM's development reportedly began in August 2021, initiated by the Interchain Foundation (ICF) and spearheaded by Iqlusion, a key player in the Cosmos ecosystem and Zaki Manian.

The development of the Liquid Staking Module (LSM) for Cosmos began in August 2021, an initiative spearheaded by the Interchain Foundation (ICF) in collaboration with Iqlusion. The project aimed to integrate LSM into the Gaia codebase, facilitating the launch of staking derivatives.

As the project progressed, two North Korean developers, identified as Jun Kai and Sarawut Sanit, played a pivotal role, contributing a substantial portion of the code to the LSM. This involvement, however, later became a subject of scrutiny.

A series of key events unfolded throughout the LSM's development and integration:

June 2021: The Interchain Foundation (ICF) announced funding for ongoing work on Gaia and staking derivatives, which included the development of the LSM.

August 2021: Development of the LSM commenced, with significant contributions from North Korean developers.

July 2022: An audit of the LSM by Oak Security flagged critical vulnerabilities, particularly regarding slashing evasion.

March 2023: The FBI approached Zaki Manian, Iqlusion's lead, regarding the North Korean links to the developers, but this information was not disclosed to the Cosmos community, according to reports.

April 2023: Zaki promoted the LSM as “finished,” downplaying ongoing security concerns.

Flaws in the LSM Design

The LSM's design reportedly included a critical flaw that enabled participants to evade slashing penalties, posing a threat to the entire staking ecosystem. This vulnerability, highlighted by the Oak Security audit, was not adequately addressed.

Despite the fundamental issue and ongoing security concerns, Zaki and Iqlusion reportedly promoted the LSM as complete, creating a false sense of security. This做法contradicted the principles of proof-of-stake systems, where slashing is crucial for maintaining network integrity.

By presenting this flaw as an intentional design feature, they allegedly misled the Cosmos community about the real risks associated with the LSM.

Call for Action

These revelations prompted AiB to call for immediate action, highlighting the need for a comprehensive audit of the LSM to assess its security and integrity.

According to AiB, the Interchain Foundation should:

Create a blacklist of individuals and entities involved in promoting insecure protocols, starting with Zaki Manian and Iqlusion.

Establish stringent audit requirements for any code development supported by the ICF.

Develop oversight protocols to ensure thorough safety assessments before new implementations are proposed.

The future security of the Cosmos ecosystem depends on addressing these issues openly and transparently. The community deserves a secure network, free from hidden risks.

The above is the detailed content of North Korean Developers Played Pivotal Role in Building Cosmos' Liquid Staking Module, Raising Security Concerns. For more information, please follow other related articles on the PHP Chinese website!