Cosmos cofounder blames Iqlusion's Zaki Manian for North Korea-linked security risks in network's liquid staking module

Quick Take

  • Cosmos co-founder Jae Kwon said a significant part of the network’s liquid staking module was developed by North Korean agents, which proceeded under the alleged negligence of Iqlusion’s Zaki Manian. 
  • Kwon called for the Cosmos governance community to immediately conduct a comprehensive audit of the LSM.

Cosmos co-founder Jae Kwon highlighted concerns about the integrity and security of Cosmos Hub's liquid staking module in a post on Tuesday. It was revealed earlier that North Korean agents developed a significant part of the module. 

“For sixteen months, the LSM was developed by individuals linked to North Korea, and their contributions were integrated into the Cosmos Hub without proper security vetting,” said Kwon, blaming the “gross negligence” of Cosmos validator hosting firm Iqlusion and its leader Zaki Manian.

Iqlusion and Manian started developing the LSM in August 2021 with Jun Kai and Sarawut Sanit. Later, Kwon claimed they were North Korean agents. Kwon claimed the two alleged agents contributed most of the code.

Despite knowing the involvement of North Korean agents since March 2023, as the Iqlusion leader admitted on social media, Manian hid the issue as well as other unresolved security issues until earlier this month, Kwon wrote in the post.

“Rather than taking proactive measures, such as conducting an additional audit or disclosing this issue to the Cosmos community, Zaki publicly asserted that the module was ‘ready to be deployed,’” Kwon stated. “Zaki’s lack of transparency and poor judgment represents a profound breach of the trust placed in Iqlusion by the Cosmos community,” he added.

While critical vulnerabilities in LSM were discovered in an audit in 2022, the same North Korean agents were responsible for fixing it, and Kwon alleged that the last code merge was the same. Meanwhile, Manian claimed he rewrote the LSM code, presumably before deployment, along with the staking firm Stride.

Kwon further alleged that as LSM is not a “standalone” module but a collection of modifications and extensions built on top of the existing Cosmos staking modules, such vulnerabilities hold critical risks to potentially all staked Cosmos’ ATOM tokens.

He called for the Cosmos governance community to immediately conduct a comprehensive audit of the LSM. He urged the Interchain Foundation to implement stricter auditing requirements and develop an oversight protocol to ensure safety in new Cosmos implementations.

The Block has reached out to Manian for further comments on the matter.


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Danny Park is an East Asia reporter at The Block writing on topics including Web3 developments and crypto regulations in the region. He was formerly a reporter at Forkast.News, where he actively covered the downfall of Terra-Luna and FTX. Based in Seoul, Danny has previously produced written and video content for media companies in Korea, Hong Kong and China. He holds a Bachelor of Journalism and Business Marketing from the University of Hong Kong.

Editor

To contact the editors of this story:
Adam James at
[email protected]
Vishal Chawla at
[email protected]