Sorry that you lost your fund
Using this post to reiterate LSM should be set to OFF by default , and many members of the community think that way
Re sharing my opinion :
The limitation at the time seemed to be that the implication of doing it, enable/disable it.. etc should be made at the user interface level, the wallet like Keplr, leap.. etc (which is kind of false considering cosmosrescue simple tool)
Tagging @Mag We need to be more close to wallet integrator to push this kind of stuff
The logical would be that LSM is disable by default, and if an experience user wants to activate it, he can do it directly from keplr. The LSM would be activate after a 21 days period (so if the case where a hacker do activate it without you consent, at least you get the same amount of time to counter it), then after that period he is free to use it as much as he wants. With off course in-app notification on when the feature is activate or disactivate.
By the way, thank you CosmosRescue , I’m def gonna to disable it through your website, thank you for providing this as I have no clue how to use the cli commands 