Cosmos Faces Security Concerns Over Inherited Malicious Code

Cosmos (ATOM) is at risk due to potentially harmful code inherited from North Korean hackers disguised as developers.

Recent findings suggest the liquid staking module (LSM) needs a thorough reassessment to safeguard user funds.

Development of the LSM started in 2021 under Zaki Manian and the Iqlusion team, funded by the Interchain Foundation (ICF). In August, two developers, Jun Kai and Sarawut Sanit, with ties to North Korean hacking, joined the project. Their involvement went unnoticed until the FBI informed Manian, despite an audit being conducted.

Years passed before the Cosmos community received complete information about vulnerabilities in the code. Although a known slashing evasion issue was supposedly fixed, experts, including Cosmos co-founder Jae Kwon, believe some parts of the code still pose risks. Manian claimed the entire codebase was rewritten, but it remains unclear why.

Community members noted that the LSM still relies on potentially malicious code, with significant sections derived from the hackers. The last update to the LSM was in February 2022, during the hackers’ involvement, and it has operated without an audit since September 2023.

Despite these issues, Cosmos remains a solid platform, with most locked value in liquid staking initiatives like Stride and Stafi, totaling around $876,000. While striving to be a key player in DeFi and Web3, Cosmos has struggled since the 2022 market downturn.

The ecosystem also hosts networks like Celestia (TIA) and Injective (INJ), with tokens valued over $20 billion.