All in Bits explains why there are serious security issues with Cosmos Hub LSM
2024-10-16 01:35:16
All in Bits, a software development company in the Cosmos ecosystem, says it has discovered serious security issues with Cosmos Hub's Liquidity Staking Module (LSM). Its claims are that most of the LSM code was written by North Korean agents; that LSM is not a standalone module but a set of modifications to the existing staking, allocation, and forfeiture modules that may affect all staked ATOM; that vulnerabilities allowing forfeiture circumvention still exist; that 19 months of code changes are unaudited; that Zaki Manian and Iqlusion made significant misstatements; and that there is a lack of transparency at ICF, Stride Labs, and Informal Systems.
All in Bits recommends immediate fixes to major LSM pledge vulnerabilities; immediate, comprehensive LSM audits; full disclosure of the timeline for North Korea's involvement in investigations; ICF related-party blacklists; and new audit and oversight protocols for ICF-funded projects.