Cosmos (ATOM) is at risk due to potentially harmful code inherited from North Korean hackers disguised as developers.
Recent findings suggest the liquid staking module (LSM) needs a thorough reassessment to safeguard user funds.
Development of the LSM started in 2021 under Zaki Manian and the Iqlusion team, funded by the Interchain Foundation (ICF). In August, two developers with ties to North Korean hacking, Jun Kai and Sarawut Sanit, joined the project. Despite an audit being conducted, their involvement went unnoticed until the FBI informed Manian.
Years passed before the Cosmos community received complete information about vulnerabilities in the code. Although a known slashing evasion issue was supposedly fixed, experts, including Cosmos co-founder Jae Kwon, believe some parts of the code still pose risks. Manian claimed the entire codebase was rewritten, but it remains unclear why.
Community members noted that the LSM still relies on potentially malicious code, with significant sections derived from the hackers. The last update to the LSM was in February 2022, during the hackers’ involvement, and it has operated without an audit since September 2023.
Despite these issues, Cosmos remains a solid platform, with most locked value in liquid staking initiatives like Stride and Stafi, totaling around $876,000. While striving to be a key player in DeFi and Web3, Cosmos has struggled since the 2022 market downturn.
The ecosystem also hosts networks like Celestia (TIA) and Injective (INJ), with tokens valued over $20 billion.