Cosmos (ATOM) is at risk due to potentially harmful code inherited from North Korean hackers disguised as developers.
Recent findings suggest the liquid staking module (LSM) needs a thorough reassessment to safeguard user funds.
Development of the LSM started in 2021 under Zaki Manian and the Iqlusion team, funded by the Interchain Foundation (ICF). In August, two developers with ties to North Korean hacking, Jun Kai and Sarawut Sanit, joined the project. Despite an audit being conducted, their involvement went unnoticed until the FBI informed Manian.
Years passed before the Cosmos community received complete information about vulnerabilities in the code. Although a known slashing evasion issue was supposedly fixed, experts, including Cosmos co-founder Jae Kwon, believe some parts of the code still pose risks. Manian claimed the entire codebase was rewritten, but it remains unclear why.
Community members noted that the LSM still relies on potentially malicious code, with significant sections derived from the hackers. The last update to the LSM was in February 2022, during the hackers’ involvement, and it has operated without an audit since September 2023.
Despite these issues, Cosmos remains a solid platform, with most locked value in liquid staking initiatives like Stride and Stafi, totaling around $876,000. While striving to be a key player in DeFi and Web3, Cosmos has struggled since the 2022 market downturn.
The ecosystem also hosts networks like Celestia (TIA) and Injective (INJ), with tokens valued over $20 billion.