Cosmos‘ co-founder and core contributors were unaware of the North Korean link, which could remove the Liquid Staking Module.
A recent on-chain investigation claims that part of the Cosmos ecosystem may have been developed by North Korean agents, potentially drawing the FBI’s attention in 2023.
According to Cosmos ecosystem developer Jacob Gadikian, who shared the findings in an Oct. 16 X post, North Korean developers may have contributed to the development of Cosmos’ Liquid Staking Module (LSM). Gadikian stated,
“It isn’t about their geography or ethnicity. The people who built the LSM are the world’s most skilled and prolific crypto thieves.”
The revelation has raised concerns among investors, who fear that these developers could be linked to the infamous North Korean Lazarus Group.
This cybercrime organization, allegedly affiliated with the North Korean government, has been involved in some of the largest crypto hacks, including the $600 million Ronin bridge attack.
Cosmos co-founder Ethan Buchman addressed the issue in an Oct. 18 X post, stating that the team was unaware of the North Korean involvement in the LSM but is working quickly to address the situation. He said,
“Props to the teams coming together to line up these audits quickly. We’re also looking at ways to remove dependence on LSM completely. None of us were aware of the North Korean work on LSM, but working together to deal with it.”
Melody Chan, research lead at Redecentralise, expressed concern that North Korean developers might have introduced vulnerabilities, such as backdoors, into the LSM code. She told Cointelegraph,
“The big fear is that these developers might add vulnerabilities, like backdoors or ways to hack the system. With the current issues in the LSM and the FBI’s warnings, it’s clear that thorough code audits are urgently needed.”
Lazarus Group, known for stealing over $3 billion in crypto assets between 2017 and 2023, remains one of the most notorious crypto hacking groups.
Security Audits to Determine the Fate of Cosmos LSM
While the connection to North Korea is troubling, it doesn’t automatically mean the developers are tied to the Lazarus Group, according to blockchain expert Anndy Lian. Lian told Cointelegraph,
“Should developers with connections to North Korea—especially those linked to military or state operations known for cyberattacks and cryptocurrency theft—be implicated, there is a potential risk of hidden vulnerabilities or backdoors in the code.”
Two separate security audits have been scheduled to address any vulnerabilities. The first audit, led by OtterSec and Binary Builders, will begin next week, followed by a second audit by Zellic in mid-November, according to core Cosmos contributor Informal Systems.
Phased Removal of Cosmos LSM Suggested by Core Contributors
In response to the concerns, Informal Systems has proposed a “phased removal” of the Cosmos LSM, which a new framework would replace. In an Oct. 22 X post:
“After a community vote to remove the LSM, there would be a 1-2 month grace period for LSM shareholders to un-tokenize and convert their shares to native delegations. The Cosmos Hub will then need to upgrade to remove the LSM, invalidating remaining tokenized shares and automatically converting them back to native delegations.”
The new framework would allow users to delegate block production to one validator while assigning governance votes to other entities, benefiting validators, voters, and overall Cosmos governance.
