Hey there, cosmic explorers! We've got some cosmic drama brewing in the universe of Cosmos. Think of it as a space soap opera with a dash of spies and intrigue.
Our story kicks off with Jae Kwon, the co-founder of Cosmos, sounding the alarm about some shady dealings that might make James Bond raise an eyebrow. It turns out that the Liquid Staking Module (LSM) of the Cosmos Hub, a key piece of tech crafted to tweak how things like staking and slashing work, could be hiding some serious security skeletons in its closet.
Now, here's the kicker: the folks behind this module have connections to North Korea. Yep, you heard it right. AiB, the brainchild of Cosmos, is waving a big red flag, pointing out that these developers might have slipped their code into the Cosmos Hub without a proper security pat-down.
Back in 2021, this module was cooked up under the watchful eye of Zaki Manian and his crew at Iqlusion, with a little help from Stride Labs, Binary Builders, and Informal Systems. But as the cosmic dust settles, we're left wondering if these contributors brought more than just code to the table.
In a twist worthy of a detective novel, an audit in July 2022 by Oak Security uncovered some glaring vulnerabilities, including sneaky ways to dodge slashing penalties. And guess who was tasked with fixing these holes? The same North Korean-linked devs who created them in the first place! Talk about letting the fox guard the henhouse.
Fast forward to March 2023, and Manian was chatting with the FBI about these dodgy ties but kept the community in the dark. Meanwhile, Stride Labs tried to patch things up in April 2023, but their efforts were more like a quick paint job rather than a full renovation.
Despite all the red flags, a proposal to integrate the LSM into the Cosmos Hub was given the green light in September 2023, a full 19 months after the last audit. It wasn't until October 2024 that Manian finally came clean about the whole North Korean connection, leaving everyone scratching their heads over the lack of transparency.
Jae Kwon isn't taking this lightly. He's calling for a full-blown audit of the LSM and demanding that everyone come clean about the North Korean-linked developers. He's also suggesting a blacklist for those pushing shady protocols and wants a solid process in place for auditing code before it makes its way to the Cosmos Hub.
Stay tuned, space cadets! This cosmic caper is far from over, and we'll be watching the stars for more revelations.
