All in Bits: The LSM module of Cosmos Hub has security vulnerabilities, with most of the code written by a North Korean proxy developer.

Wu reported that All in Bits (AiB), a builder in the Cosmos ecosystem, has issued an emergency alert regarding serious security vulnerabilities in the Liquid Staking Module (LSM) of Cosmos Hub. AiB pointed out that most of the LSM code was developed by North Korean contractors; LSM is not an independent module but rather a modification of existing staking, distribution, and slashing modules, which could affect all staked ATOM; loopholes that allow for the evasion of penalties still exist; 19 months of code changes have not been audited; there are significant misleading behaviors from Zaki Manian and Iqlusion; and ICF, Stride Labs, and Informal Systems lack transparency. AiB recommends immediate repairs to the major staking vulnerabilities in LSM, a comprehensive audit, and full disclosure of the timeline regarding North Korean involvement, as well as blacklisting the relevant parties.