Cosmos Hub Faces Serious Risks After 19 Months of Unaudited LSM Code

  • The Liquid Staking Module (LSM) faces critical security risks, including slashing evasion flaws.

  • North Korean-linked developers were involved in LSM development, raising integrity concerns.

  • Despite warnings, LSM was integrated into the Cosmos Hub without addressing key vulnerabilities.

A security review has found serious issues within the Liquid Staking Module (LSM) integrated into the Cosmos Hub. Developed by Iqlusion and led by Zaki Manian, the LSM contains critical vulnerabilities that could compromise the system’s integrity and user safety.

LSM development began in August 2021, led by Iqlusion and later supported by several other organizations, including Stride Labs and Informal Systems. In July 2022, Oak Security audited the LSM codebase and found severe vulnerabilities, especially those related to slashing evasion.

URGENT ALERT: AiB has uncovered cause for serious security concerns with Cosmos Hub's Liquid Staking Module (LSM).

Timeline:
* Aug 2021: LSM development begins, led by Iqlusion & Zaki Manian
* Jul 2022: Oak Security audit reveals critical vulnerabilities; North Korean devs…

— All in Bits (@Allinbits_inc) October 15, 2024

Despite these…

The post Security Audit Reveals Flaws in Cosmos Hub’s Liquid Staking Module appeared first on Coin Edition.