Cosmos co-founder warns of North Korean influence in Cosmos Hub’s LSM

Cosmos co-founder warns of North Korean influence in Cosmos Hub’s LSM

By Charles Thuo - min read
Updated 24 October 2024
Cosmos co-founder warns of North Korean influence in Cosmos Hub's LSM
  • Cosmos co-founder Jae Kwon alleges North Korean agents helped develop Cosmos Hub’s LSM code
  • Kwon accuses Iqlusion’s Zaki Manian of hiding unresolved security risks
  • Kwon urges an immediate audit and stricter oversight for future implementations

Cosmos co-founder Jae Kwon has raised serious concerns regarding the integrity of the Cosmos Hub’s liquid staking module (LSM), alleging that significant portions of its development involved individuals linked to North Korea.

In a statement released on Tuesday, Kwon accused Cosmos validator hosting firm Iqlusion and its leader, Zaki Manian, of “gross negligence” in allowing the module’s integration without adequate security vetting.

Cosmos Hub’s LSM developers North Korea agents

According to Kwon, development of the LSM began in August 2021 under the direction of Iqlusion and Manian, with contributions from developers Jun Kai and Sarawut Sanit.

Kwon alleges that these developers were later identified as North Korean agents and had provided a substantial portion of the module’s code.

Despite awareness of their connections since March 2023, Kwon claimed Manian withheld this information and failed to disclose several unresolved security risks associated with the LSM.

The controversy gained traction following Manian’s social media acknowledgement that he had known about the North Korean-linked developers for months. However, instead of taking preventive actions, such as conducting an additional audit or informing the Cosmos community, Kwon stated that Manian continued to assert the module was “ready to be deployed.”

Kwon accused Manian of a “profound breach of trust” for prioritizing deployment over community safety.

Critical vulnerabilities in the LSM

Security issues had already surfaced during a 2022 audit that revealed critical vulnerabilities in the LSM. These vulnerabilities were reportedly addressed by the same North Korean-linked developers.

Kwon suggested that despite Manian’s claim of rewriting the LSM code before deployment, significant risks persisted, especially since the module was not a standalone feature, but a set of modifications built atop existing Cosmos staking modules.

This could potentially expose all staked ATOM tokens to security threats.

Kwon has called on the Cosmos governance community to initiate a comprehensive audit of the LSM immediately. Additionally, he urged the Interchain Foundation to impose stricter auditing standards and create an oversight framework to ensure the security of future Cosmos implementations.