TechFlow news, October 16 — All in Bits, a builder within the Cosmos ecosystem, has revealed the root cause of critical security issues in the Cosmos Hub's Liquid Staking Module (LSM). The investigation found that the majority of the LSM code was written by developers linked to North Korea.
According to the All in Bits report, core problems with the LSM include: 1) Critical design flaws allowing slashing evasion remain unaddressed; 2) LSM is not an independent module but rather a series of modifications to existing staking, distribution, and slashing modules, potentially impacting all staked ATOM; 3) Over 19 months of code changes went unaudited; 4) Project lead Zaki Manian and Iqlusion engaged in significant misinformation; 5) Interchain Foundation (ICF), Stride Labs, and Informal Systems lacked transparency during project development.
The investigation shows LSM development began in August 2021, led by Zaki Manian and Iqlusion. However, most of the code was actually written by Jun Kai and Sarawut Sanit, later confirmed to be linked to North Korea. Although the Oak Security audit in July 2022 identified critical vulnerabilities—especially those related to slashing evasion—these issues were never adequately resolved. Furthermore, after learning in March 2023 about the developers’ connections to North Korea, Zaki Manian failed to disclose this critical information to the Cosmos community. Instead, in April 2023, he continued pushing forward the LSM signaling proposal, claiming the module was “complete,” a move All in Bits deems a material misrepresentation and serious negligence.
All in Bits recommends the following urgent actions: 1) Immediately patch the primary staking vulnerabilities in LSM; 2) Conduct a comprehensive and immediate security audit of the LSM; 3) Fully disclose the timeline of investigations regarding North Korean agent involvement; 4) Blacklist relevant parties associated with ICF; 5) Establish new audit and oversight protocols for ICF-funded projects.




