Cosmos co-founder Jae Kwon has accused Iqlusion CEO Zaki Manian of negligence, based on an analysis conducted by All in Bits.
URGENT ALERT: AiB has uncovered cause for serious security concerns with Cosmos Hub's Liquid Staking Module (LSM).
— All in Bits (@Allinbits_inc) October 15, 2024
Timeline:
* Aug 2021: LSM development begins, led by Iqlusion & Zaki Manian
* Jul 2022: Oak Security audit reveals critical vulnerabilities; North Korean devs…
It was discovered that Manian had failed to disclose that a significant portion of the code for the Liquid Staking Module (LSM) was written by developers from North Korea. He also neglected to report this after the FBI identified the individuals and warned the company of potential threats.
In 2022, Oak Security conducted a security audit of the solution developed on behalf of the Interchain Foundation (ICF) and discovered critical vulnerabilities. However, in April 2023, Manian announced the completion of work on LSM despite the remaining issues.
“It is important to note that LSM is not a standalone module but rather a series of modifications and extensions built on top of existing Cosmos staking solutions. […] Any vulnerability in Iqlusion’s product could jeopardize all staked ATOM,” stated experts from All in Bits.
All in Bits Recommendations
The All in Bits team proposed the following actions:
- Fix the critical bugs in LSM.
- Immediately conduct a comprehensive security review.
- Disclose the involvement of North Korean programmers.
- Blacklist all involved parties, including ICF.
Gadikian’s Response
Cosmos developer Gadikian disagreed with limiting the response to an audit:
“An audit will not be enough,” he stated. According to him, a supply chain attack had occurred on the Cosmos Hub codebase, and North Korean hackers had already “infected” part of the SDK repositories.
He noted that the Cosmos Hub codebase needed to be cleared of North Korean hacker influence and sarcastically presented new logos for Cosmos Hub and ICF.
Gadikian contacted Kwon, who supported the decision to remove the LSM module from the Cosmos ecosystem.
Context
According to UN experts, North Korea’s foreign currency income is partly linked to cyberattacks, including those targeting cryptocurrency projects.