The developers of Cosmos, a distributed ledger technology (DLT)-based platform for facilitating communication and transactions between separate blockchain networks, have published a comprehensive disclosure of a “critical security vulnerability” that was identified last month.
Vulnerability Would Have Allowed Hackers to Bypass Penalties for Malicious Conduct
The vulnerability found in Cosmos’ codebase would have allowed hackers to circumvent various penalties for misconduct on the leading blockchain interoperability network. Commenting on the nature of the critical software bug, Zaki Manian, Director at Tendermint Inc. (a for-profit commercial entity responsible for the initial development of the Cosmos platform), remarked:
"The key is we want to make it really difficult to misbehave on the network and then un-stake your tokens immediately and escape the consequences of that misbehavior…like voting for something bad in governance [or] the more complex things are double signage against an exchange to potentially reverse state."