Within the Cosmos blockchain network, researchers have identified potential vulnerabilities within its liquid staking module (LSM), allegedly linked to code injections by North Korean hackers. This alarming development raises questions about the security and integrity of Cosmos, particularly its capacity to protect user funds.
The Cosmos LSM, which has been marketed as safe and production-ready, has been found to possibly harbor malicious code. The development of this module began in 2021, led by Zaki Manian and the Iqlusion project, with funding from the Interchain Foundation (ICF). However, in August 2021, two new developers, Jun Kai and Sarawut Sanit, joined the project; they were later discovered to have ties to North Korean hacking operations.
Despite an initial code audit, the discovery of these developers' affiliations was only made public when the FBI alerted Manian. Concerns have been raised regarding the safety of funds staked within the Cosmos network, with researchers urging a thorough review of the codebase to mitigate risks.
It took several years for the Cosmos community to grasp the full scope of vulnerabilities within the LSM. Although there were claims that certain issues, such as slashing evasion, had been addressed, evidence suggests that some portions of the code remain unchanged and still pose risks.
Zaki Manian has stated that the original LSM was merely a concept and claimed that the code had been rewritten from scratch. However, this explanation does not clarify why such drastic measures were necessary in the first place. Community members have pointed out that even the purported rewrite retains significant sections of code from the hackers.
Moreover, the last significant code updates coincided with the hackers' involvement, and since September 2023 the module has gone 19 months without an audit, even as it became integrated into the Cosmos Hub.
The implications of these vulnerabilities are serious. The LSM’s structure allows for malicious actions while avoiding slashing penalties. This means a hacker could exploit the ecosystem without facing repercussions on their staked ATOM tokens. The situation necessitates not only a reassessment of the existing code but also additional disclosures about potential risks.
Despite these alarming findings, Cosmos has not reported any hacks to date. However, experts in the field are calling for another audit of the LSM, if not a complete overhaul of the codebase, to ensure user security.
While the vulnerabilities within the LSM are concerning, the broader Cosmos ecosystem appears to be stable for other chains and projects. Most of the value locked within the Cosmos Hub is tied to liquid staking projects like Stride and Stafi, with an estimated risk value of around $876,000.
Although Cosmos has faced challenges, particularly following the collapse of Terra (LUNA), it still serves as a vital infrastructure for DeFi and Web3. The network currently hosts tokens valued at over $20 billion, including significant AI projects and various promising networks such as Celestia (TIA) and Injective (INJ). Importantly, these side chains are not directly affected by the vulnerabilities in the LSM.
The recent revelations regarding Cosmos highlight the need for ongoing vigilance and scrutiny within the cryptocurrency space. As the network grapples with these potential vulnerabilities, it must also navigate its role as a foundational layer for numerous projects and innovations.
With the price of ATOM recently dipping to $4.43, the situation underscores the importance of security and transparency in maintaining user trust and ecosystem stability. The Cosmos community awaits further developments and reassurances regarding the integrity of its liquid staking module and the overall safety of its network.