When liquid staking was first introduced, I had to deposit unstaked ATOM in Stride to get stATOM. This preserved the time-based 3-week security feature of the staking lockup for a wallet owner. In other words, if someone hacked into my computer or somehow got a hold of my private keys and recreated the wallet on his computer and wanted to transfer my ATOM to his wallet, he had to first unstake the coins. The unstaking period being 3 weeks, I have ample time to discover that my wallet is tampered with and “cancel” the unstaking process. My only losses would be the loss of staking rewards for the amount of time the ATOM tokens were unstaked, but my principal would be preserved.
A couple of months ago Stride introduced a feature where I could deposit my STAKED ATOM to get stATOM. This now makes my coins vulnerable to stealing. Someone could recreate my wallet, or hack into my computer and then deposit my staked ATOM to Stride, obtain stATOM and then send himself the now very liquid and sendable stATOM.
My staked ATOM holdings went from super secure to super insecure. Previously I could hand over my keys to other people and they still couldn’t touch my ATOM because it was locked up for 3 weeks and I could cancel any attempts at unbonding. Now this is not so.
I want the previous level of wallet security restored. I don’t want to roll back what was done already but I want ATOM and other chains to somehow be able to block liquid staking of staked tokens on a per-address basis. I want to be able to go to Stride or Cosmos Hub or wherever it makes sense to implement this and say “Block liquid staking”. If I want to unblock the liquid staking feature, then I can select “unblock liquid staking” and it takes 3 weeks or whatever the staking lockup period for the chain is for the unblocking to happen.
The implementation of liquid staking of staked ATOM on Stride was done in haste and all security aspects of this feature were not considered properly. I understand how hedge funds and professional money managers would want that feature and that is fine. But for retail users, this is a huge security hole that needs to be rectified as soon as possible.
You can already lock the Liquid Staking feature. The only UI I am aware of currently is offered by Cosmos Rescue here: Cosmos Rescue
Please note that if you want to unlock it again, you will need to wait 21 days before you’re able to liquid-stake immediately again.
If your concern is security, please also be aware that if an attacker had access to your seed phrase, they would be able to trigger the unlock “quietly” (i.e. you probably wouldn’t notice unless you actively check the status of the lock on your wallet), wait 21 days, then liquid-stake all your staked assets. So my suggestion is to check maybe once a week that it’s not in “unlocking” status.
Finally, I am currently working on a new interface dedicated to the Liquid Staking module. You can follow @moonkitt_lab on Twitter to be informed when it is released (hopefully within the next 2 weeks or so).
Yeah, this is already implemented. If AADAO wants to throw some money around for it, then give it to Cosmos Rescue because they built this about 2 weeks after LSM launched.
Can this be integrated in Keplr? Also is it possible to “cancel” the unlock (the way you can cancel an unbonding action)?
Best UI for this is to be displayed straight up in Keplr. In the “Staked” tab, you can simply have a column with a checkbox next to each coin that is in “locked” and “unlocked” states.
Yes, I confirm that you can “cancel” the unlock. You just need to sign the same “DisableTokenizeShares” transaction, and it will automatically lock it back.
Regarding integrating in Keplr, I am not a Keplr (or Leap, etc.) dev, but I suppose you can send them a feature request, and then wait to see if they agree to do so.
I think the wallet is a good place to monitor this setting because I am there every week for other reasons (voting or managing rewards). Maybe the wallet can just have a link to the Cosmos Rescue site for the lock/unlock actions, like a “Manage LST locks” link at the bottom of the “Staked” tab. I will submit a request to Keplr.
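The weekly check suggested earlier in the thread, together with the re-lock via “DisableTokenizeShares”, can be written as a small classifier over the lock-status query result. This is an added example, not part of any post and not Cosmos Rescue's code; the status strings and the `status` / `expiration_time` field names are assumed to match the staking module's lock-info query, `unlock_expected` is a hypothetical flag the owner sets, and the sample responses are constructed.

```python
import re
from datetime import datetime, timezone

# Assumed status strings (LSM staking module's tokenize-share lock enum).
LOCKED = "TOKENIZE_SHARE_LOCK_STATUS_LOCKED"
UNLOCKED = "TOKENIZE_SHARE_LOCK_STATUS_UNLOCKED"
EXPIRING = "TOKENIZE_SHARE_LOCK_STATUS_LOCK_EXPIRING"


def parse_time(ts):
    """Parse an RFC 3339 UTC timestamp; fractional seconds are dropped."""
    ts = re.sub(r"\.\d+", "", ts).replace("Z", "+00:00")
    return datetime.fromisoformat(ts)


def assess_lock(response, now, unlock_expected=False):
    """Classify one lock-status poll as (severity, message)."""
    # unlock_expected: True only if the owner started the unlock themselves.
    status = response.get("status")
    if status == LOCKED:
        return "ok", "lock active: staked tokens cannot be tokenized"
    if status == EXPIRING:
        raw = response.get("expiration_time")
        if not raw:
            return "alert", "unlock pending, expiry unknown: re-lock now"
        days = max((parse_time(raw) - now).total_seconds(), 0) / 86400
        if unlock_expected:
            return "info", f"unlock you requested completes in {days:.1f} days"
        return "alert", (f"unlock pending you did not request, {days:.1f} days "
                         "left: sign DisableTokenizeShares to re-lock")
    if status == UNLOCKED:
        if unlock_expected:
            return "info", "lock is off, as requested"
        return "alert", "lock is off: staked tokens can be liquid-staked at once"
    # Unknown or missing status: fail closed so a format change is noticed.
    return "alert", f"unrecognised lock status {status!r}: check manually"


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real account.
    now = datetime(2023, 11, 1, 12, 0, tzinfo=timezone.utc)
    samples = [
        {"status": LOCKED, "expiration_time": ""},
        {"status": EXPIRING, "expiration_time": "2023-11-15T12:00:00.123456789Z"},
        {"status": UNLOCKED, "expiration_time": ""},
    ]
    for s in samples:
        print(assess_lock(s, now))
```

Run on a schedule shorter than the 21-day unlock window, an "alert" result leaves time to re-lock before the staked tokens become liquid.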