Hacker unstaked my coins before the 20 days unstaking period

Dear experts

My wallet was compromised and the hacker unbonded my Cosmos staking on the Exodus wallet before the 20-day unstaking period ended. How is that even possible? Somehow they minted a new coin called iAtom, but the original ATOM was actually still staking. Do you know if these coins are being staked somewhere else or if they are completely lost? I am also interested in how they actually did that. I think you guys have the right technical knowledge.

Is that a security issue, or is it really possible to unstake before the 20-day period?

This is my wallet, and it happened on 21 July.
cosmos1g7wgd7pl25gv9sh2cjjluc6qk7tasdm25xhw5g

Thanks for your knowledge and time

They used this /gaia.liquid.v1beta1.MsgTokenizeShares to mint the new iAtom tokens…

Hey, unfortunately your ATOM is gone.

They used the liquid staking module; it allows you to turn your staked ATOM into liquid ATOM instantly.
It is a feature that can be disabled on the chain level, so for future wallets you could consider disabling it if you are not actively using liquid staking.

There are a few options for it:

  1. through the CLI:
     gaiad tx liquid disable-tokenize-shares

  2. through web apps

We also have a Telegram bot that would notify you if liquid staking was enabled on your wallet or if your ATOM got unstaked. You can see details here.
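To show what a notifier like the one mentioned above has to look for, here is an added example (not the Telegram bot's code, not CosmosRescue's, and not Gaia's) that scans transaction records for the two message types that move a delegator's ATOM out of the normal bonded state: the `/gaia.liquid.v1beta1.MsgTokenizeShares` message named in this thread and the standard SDK `/cosmos.staking.v1beta1.MsgUndelegate`. The input shape follows the `body.messages` list that the Cosmos SDK transaction endpoints return; the field names `delegator_address`, `validator_address`, `amount` and `tokenized_share_owner`, the watched address and the sample transactions are all constructed assumptions for the illustration.

```python
"""Flag liquid-staking tokenization and undelegation messages for a watched address.

Added illustration only. The transaction records below are constructed to mirror the
`body.messages` list returned by Cosmos SDK tx endpoints; message field names are assumed.
"""

# Message type named in the thread: converts bonded shares into liquid tokens instantly.
TOKENIZE_MSG = "/gaia.liquid.v1beta1.MsgTokenizeShares"
# Standard SDK staking message: starts the normal unbonding period.
UNDELEGATE_MSG = "/cosmos.staking.v1beta1.MsgUndelegate"

WATCHED_TYPES = {
    TOKENIZE_MSG: "shares tokenized: stake left the delegation without any unbonding wait",
    UNDELEGATE_MSG: "undelegation started: funds release after the unbonding period",
}

# Constructed placeholder address for the wallet being monitored (not a real account).
WATCHED_ADDRESS = "cosmos1watchedwalletexampleplaceholder000000"


def scan_txs(txs, address):
    """Return one alert dict per watched message whose delegator_address is `address`.

    Messages of other types, or for other delegators, are ignored. Each alert carries
    enough context (tx hash, message index, validator, amount, new share owner) for a
    human to act on the notification.
    """
    alerts = []
    for tx in txs:
        messages = tx.get("body", {}).get("messages", [])
        for idx, msg in enumerate(messages):
            kind = msg.get("@type")
            if kind not in WATCHED_TYPES:
                continue
            if msg.get("delegator_address") != address:
                continue
            amt = msg.get("amount", {})  # assumed shape: {"denom": ..., "amount": ...}
            alerts.append({
                "txhash": tx.get("txhash"),
                "msg_index": idx,
                "type": kind,
                "validator": msg.get("validator_address"),
                "amount": f"{amt.get('amount', '?')}{amt.get('denom', '')}",
                # Only MsgTokenizeShares carries a new owner; None for undelegations.
                "new_owner": msg.get("tokenized_share_owner"),
                "reason": WATCHED_TYPES[kind],
            })
    return alerts


def render_alert(alert):
    """Format one alert as a single notification line."""
    owner = f", shares now owned by {alert['new_owner']}" if alert["new_owner"] else ""
    return (f"[{alert['txhash']}#{alert['msg_index']}] {alert['reason']}: "
            f"{alert['amount']} from {alert['validator']}{owner}")


# Constructed sample transactions: a plain transfer (ignored), a tokenization against
# the watched wallet (must alert) and an undelegation by a different wallet (ignored).
SAMPLE_TXS = [
    {"txhash": "TXHASH-CONSTRUCTED-1", "body": {"messages": [
        {"@type": "/cosmos.bank.v1beta1.MsgSend",
         "from_address": WATCHED_ADDRESS, "to_address": "cosmos1otherplaceholder",
         "amount": [{"denom": "uatom", "amount": "1000"}]}]}},
    {"txhash": "TXHASH-CONSTRUCTED-2", "body": {"messages": [
        {"@type": TOKENIZE_MSG,
         "delegator_address": WATCHED_ADDRESS,
         "validator_address": "cosmosvaloper1placeholdervalidator",
         "amount": {"denom": "uatom", "amount": "5000000"},
         "tokenized_share_owner": "cosmos1attackerplaceholder"}]}},
    {"txhash": "TXHASH-CONSTRUCTED-3", "body": {"messages": [
        {"@type": UNDELEGATE_MSG,
         "delegator_address": "cosmos1someoneelseplaceholder",
         "validator_address": "cosmosvaloper1placeholdervalidator",
         "amount": {"denom": "uatom", "amount": "250000"}}]}},
]


if __name__ == "__main__":
    for alert in scan_txs(SAMPLE_TXS, WATCHED_ADDRESS):
        print(render_alert(alert))
```

Run against the constructed sample, only the tokenization in the second transaction is reported; a real notifier would poll the chain's tx endpoints for new blocks and feed each transaction's `body.messages` through `scan_txs` in the same way.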

Incredibly stupid for ATOM to have this enabled by default. The Hub can't do a darn thing right.

Sorry that you lost your funds.

Using this post to reiterate that LSM should be set to OFF by default, and many members of the community think that way.

Re-sharing my opinion:

The limitation at the time seemed to be that the implications of doing it, enabling/disabling it, etc., should be handled at the user interface level, i.e. in the wallet like Keplr, Leap, etc. (which is kind of false considering CosmosRescue's simple tool).

Tagging @Mag: we need to be closer to wallet integrators to push this kind of stuff.

The logical approach would be for LSM to be disabled by default, and if an experienced user wants to activate it, he can do it directly from Keplr. LSM would become active after a 21-day period (so in the case where a hacker activates it without your consent, you at least get the same amount of time to counter it); after that period he is free to use it as much as he wants. With, of course, an in-app notification whenever the feature is activated or deactivated.

By the way, thank you CosmosRescue, I'm def gonna disable it through your website. Thank you for providing this, as I have no clue how to use the CLI commands :+1:
