Cosmos Under Siege: Has North Korea Infiltrated the Liquid Staking Module?
Crypto professionals are no strangers to complex security issues, but recent developments surrounding Cosmos raise the bar. An investigation revealed North Korean operatives infiltrating crypto firms, sending the bulk of their earnings straight to the regime. This isn’t just another security concern—it’s a strategic breach, with implications for the Cosmos ecosystem itself.
The Liquid Staking Module: A North Korean Trojan Horse in Cosmos?
The Liquid Staking Module (LSM), designed by Zaki Manian’s team at Iqlusion, was meant to enhance capital efficiency by enabling tokenized staking. But instead of revolutionizing staking, it may have invited North Korean operatives right through the front door.
It turns out that two developers involved in the LSM project—Jun Kai and Sarawut Sanit—were linked to the North Korean regime, their identities concealed until much later.
Deployed in September 2023, the LSM was intended to transform staking for Cosmos.
Yet a year later, Cosmos finds itself entangled in a major security scandal, after revelations that critical parts of its code were developed by these two North Korean agents.
If you think that sounds like a worst-case scenario, you might be right…
Our findings confirm that the majority of the LSM code, including critical sections, was written by two developers with confirmed ties to North Korea: Jun Kai and Sarawut Sanit.
North Korea’s Infiltration Exposes Flaws in Cosmos Governance
Jae Kwon didn’t mince words in his October 15th disclosure. He criticized the lax approach taken by Zaki Manian and Iqlusion, particularly after the FBI flagged the developers in March 2023. Manian, rather than addressing the problem head-on, proceeded as if nothing had happened—an oversight that could have catastrophic consequences.
This incident highlights a critical weakness in decentralized governance: the lack of rigorous oversight. When developers connected to North Korea are tasked with patching vulnerabilities, the entire ecosystem is at risk. The LSM isn’t just another module—it’s deeply integrated into Cosmos, meaning any security breach here puts the entire network, including ATOM tokens, in jeopardy.
Our findings confirm that the majority of the LSM code, including critical sections, was written by two developers with confirmed ties to North Korea: Jun Kai and Sarawut Sanit.
Kwon’s call for a complete audit and stricter security protocols comes none too soon. Without decisive action, Cosmos might just be the beginning.
The Cosmos breach underscores the need for tighter security in the crypto world. With 2crypto, transparency and trust are at the core, ensuring your assets are protected in an increasingly vulnerable landscape.
Learn more : Coindesk’s investigation, Cosmos Github…