A newly released onchain investigation alleges that part of the Cosmos ecosystem may have been developed by North Korean agents and attracted the FBI’s attention in 2023.
Part of Cosmos’ Liquid Staking Module (LSM) may have been built by North Korean developers, according to Cosmos ecosystem developer Jacob Gadikian, who shared the investigation in an Oct. 16 X post:
“It isn’t about their geography or ethnicity. The people who built the LSM are the world’s most skilled and prolific crypto thieves.”
Investor concerns arose after the revelation, fearing that some of the developers might have come from the infamous Lazarus Group, a cybercrime group with North Korean government affiliation credited for some of the biggest crypto hacks, including the $600 million Ronin bridge exploit.
Cosmos was previously unaware of the North Korean contribution to the LSM, according to Ethan Buchman, the co-founder of Cosmos, who wrote in an Oct. 18 X post:
“Props to the teams coming together to line up these audits quickly. We’re also looking at ways to remove dependence on LSM completely. None of us were aware of the North Korean work on LSM, but working together to deal with it.”
The fact that malicious North Korean actors may be involved with Cosmos LSM code could present hidden vulnerabilities, like a secret back door in the ecosystem, according to Melody Chan, research lead at Redecentralise, a nonprofit advocating the sustainable development of decentralized finance (DeFi).
The research lead told Cointelegraph:
“The big fear is that these developers might add vulnerabilities, like backdoors or ways to hack the system. With the current issues in the LSM and the FBI’s warnings, it’s clear that thorough code audits are urgently needed.”
Lazarus is among the most notorious groups of crypto hackers, first emerging in 2009 and stealing over $3 billion in crypto assets in the six years leading up to 2023.
Related: Lazarus Group laundered over $200M in hacked crypto since 2020
Cosmos LSM’s fate could be decided by incoming security audits
While the possible North Korean connection is concerning, it doesn’t necessarily imply that the developers were affiliated with the Lazarus Group, according to Anndy Lian, author and intergovernmental blockchain expert.
Based on the current information, ties to the Lazarus Group are still just allegations, Lian told Cointelegraph. Still, he added:
“Should developers with connections to North Korea—especially those linked to military or state operations known for cyberattacks and cryptocurrency theft—be implicated, there is a potential risk of hidden vulnerabilities or backdoors in the code.”
Two parallel audits will be conducted to tackle any potential vulnerabilities. The first one by OtterSec and Binary Builders, scheduled to begin next week, and the second one by Zellic, set to start in mid-November, announced core Cosmos contributor Informal Systems
Related: Winklevoss-backed DeFi platform launches after $6.9M investment round
Core Cosmos contributors suggest phased removal of Cosmos LSM
Following the reports, Informal Systems suggested a “phased removal” of the Cosmos LSM, which would be replaced by a new framework.
The new framework would benefit validators, voters and overall Cosmos governance, the Cosmos contributor firm wrote in an Oct. 22 X post:
“After a community vote to remove the LSM, there would be a 1-2 month grace period for LSM shareholders to un-tokenize and convert their shares to native delegations. The Cosmos Hub will then need to upgrade to remove the LSM, invalidating remaining tokenized shares and automatically converting them back to native delegations.”
The new framework would separate governance from block production, enabling users to delegate block production to one validator while assigning governance votes to different entities.
Cointelegraph has asked Cosmos for comment, but received no immediate reply.
Bitcoin conference and a bad trip to North Korea | Crypto Stories Ep. 10. Source: YouTube
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis