Cosmos ecosystem rocked by North Korean developer allegations

A newly released onchain investigation alleges that part of the Cosmos ecosystem may have been developed by North Korean agents, potentially attracting the FBI’s attention in 2023.

Part of Cosmos’ Liquid Staking Module (LSM) may have been built by North Korean developers, according to Cosmos ecosystem developer Jacob Gadikian, who shared the investigation in an Oct. 16 X post:

“It isn’t about their geography or ethnicity.  The people who built the LSM are the world’s most skilled and prolific crypto thieves.”

Investor concerns arose after the revelation, fearing that part of these developers could be the infamous North Korean Lazarus Group, a cybercrime organization with suspected North Korean government affiliation, credited for some of the biggest crypto hacks, including the $600 million Ronin bridge exploit.

Cosmos was previously unaware of the North Korean contribution to the LSM, according to Ethan Buchman, the co-founder of Cosmos, who wrote in an Oct. 18 X post:

“Props to the teams coming together to line up these audits quickly. We’re also looking at ways to remove dependence on LSM completely. None of us were aware of the North Korean work on LSM, but working together to deal with it.”

The fact that malicious North Korean actors may be behind the Cosmos LSM code could present hidden vulnerabilities, like a secret back door in the ecosystem’s code, according to Melody Chan, research lead at Redecentralise, a nonprofit advocating for the sustainable development of decentralized finance (DeFi).

The research lead told Cointelegraph:

“The big fear is that these developers might add vulnerabilities, like backdoors or ways to hack the system. With the current issues in the LSM and the FBI’s warnings, it’s clear that thorough code audits are urgently needed.”

Lazarus is among the most notorious groups of crypto hackers and first emerged in 2009. The Lazarus Group stole over $3 billion in crypto assets in the six years leading up to 2023.

Related: Lazarus Group laundered over $200M in hacked crypto since 2020

Cosmos LSM’s fate could be decided by incoming security audits

While the previously unknown North Korean connection is concerning, it doesn’t necessarily imply that the developers were affiliated with the North Korean Lazarus Group, according to Anndy Lian, author and intergovernmental blockchain expert.

Based on the current information, the ties to the Lazarus Group are still just allegations, Lian told Cointelegraph:

“Should developers with connections to North Korea—especially those linked to military or state operations known for cyberattacks and cryptocurrency theft—be implicated, there is a potential risk of hidden vulnerabilities or backdoors in the code.”

Two parallel audits will be conducted to tackle any potential vulnerabilities. The first one by OtterSec and Binary Builders, scheduled to begin next week, and the second one by Zellic, set to start in mid-November, announced core Cosmos contributor Informal Systems

Related: Winklevoss-backed DeFi platform launches after $6.9M investment round

Core Cosmos contributors suggest phased removal of Cosmos LSM

Following the reports, Informal Systems suggested a “phased removal” of the Cosmos LSM, which would be replaced by a new framework.

The new framework would benefit validators, voters, and overall Cosmos governance, the Cosmos contributor firm wrote in an Oct. 22 X post:

“After a community vote to remove the LSM, there would be a 1-2 month grace period for LSM shareholders to un-tokenize and convert their shares to native delegations. The Cosmos Hub will then need to upgrade to remove the LSM, invalidating remaining tokenized shares and automatically converting them back to native delegations.”

The new framework would separate governance from block production, enabling users to delegate block production to one validator while assigning governance votes to different entities.

Cointelegraph has approached Cosmos for comment.

Bitcoin conference and a bad trip to North Korea | Crypto Stories Ep. 10. Source: YouTube

Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis