Cosmos (ATOM) is at risk due to potentially harmful code inherited from North Korean hackers disguised as developers.
Recent findings suggest the liquid staking module (LSM) needs a thorough reassessment to safeguard user funds.
Development of the LSM started in 2021 under Zaki Manian and the Iqlusion team, funded by the Interchain Foundation (ICF). In August, two developers with ties to North Korean hacking, Jun Kai and Sarawut Sanit, joined the project. Although an audit was conducted, their involvement went unnoticed until the FBI informed Manian.
Years passed before the Cosmos community received complete information about vulnerabilities in the code. Although a known slashing evasion issue was supposedly fixed, experts, including Cosmos co-founder Jae Kwon, believe some parts of the code still pose risks. Manian claimed the entire codebase was rewritten, but it remains unclear why.
Community members noted that the LSM still relies on potentially malicious code, with significant sections derived from the hackers. The last update to the LSM was in February 2022, during the hackers’ involvement, and it has operated without an audit since September 2023.
Despite these issues, Cosmos remains a solid platform, with most locked value in liquid staking initiatives like Stride and Stafi, totaling around $876,000. While striving to be a key player in DeFi and Web3, Cosmos has struggled since the 2022 market downturn.
The ecosystem also hosts networks like Celestia (TIA) and Injective (INJ), with tokens valued over $20 billion.