Developers Linked to North Korea Helped Develop Cosmos Staking Module, Says Co-Founder
This post appeared on BitcoinEthereumNews.com.
Cosmos co-founder Jae Kwon has raised concerns about the integrity and security of the Cosmos Hub’s liquid staking module (LSM), noting that individuals linked to the Democratic People’s Republic of Korea (DPRK) contributed significantly to its development.

In a Tuesday GitHub post, Kwon explained that “for sixteen months […] the LSM was developed by individuals linked to North Korea, and their contributions were integrated into the Cosmos Hub without proper security vetting.” He attributed this oversight to “gross negligence” by the Cosmos validator hosting firm Iqlusion and its leader, Zaki Manian.

Kwon’s concern is presumably that DPRK-linked actors have worked towards completing a so-called “supply chain attack” on Cosmos infrastructure. In such an attack, malicious developers infiltrate projects to embed vulnerabilities in the code that can later be exploited. This is a technique that’s become a trademark of DPRK hackers, as the United Kingdom’s National Cyber Security Centre reported at the end of 2023.

Kwon explained that LSM’s design allows “for stakers to evade slashing by tokenizing their delegations.” Josh Lee, the co-founder of decentralized exchange Osmosis, explained in an Oct. 16 tweet that “the premise of proof-of-stake is that it is secure because there is accountability of the stakeholders.” He said this would allow an attacker to take control of the chain by holding a big enough stake without being exposed to slashing.

Manian and Iqlusion did not immediately respond to a request for comment from Decrypt.

Iqlusion and Manian began developing the LSM in August 2021 with developers Jun Kai and Sarawut Sanit. Kwon later claimed these individuals were North Korean agents and that they contributed most of the code.

lots of confusion/misinformation about the north korean LSM on the hub. let me, the south korean, clarify things a bit let’s dig in 👇 what’s the vulnerability? aib says…
Filed under: News - @ October 16, 2024 9:18 pm