ICL confirms that an individual associated with North Korea contributed to the Cosmos codebase. Their code has been removed and there is no residual risk.

Gate News bot news, Interchain Labs (ICL) has confirmed that an individual later identified as having connections to North Korea was employed by former maintainers during the period from 2022 to 2024 and contributed to the Cosmos codebase.

This Cosmos core developer collaborated with the Security Alliance (Security Alliance) and Asymmetric Research to release a security report, confirming that the individual has limited access to two codebases: cosmos/IAVL and cosmos/cosmos-sdk. The review found that after the deprecation of SDK v2, most of the code he contributed has been deprecated or removed from the roadmap, and the independent audit found no remaining risks or vulnerabilities.

However, to improve transparency, ICL will offer double rewards on the Cosmos HackerOne page next month for anyone who discovers any eligible vulnerabilities related to the participant's GitHub account "cool-develope."

Specifically, the individual worked for a former core stack maintenance provider from mid-2022 until November 2024, before the establishment of ICL and the end of the Cosmos third-party maintenance model. ICL stated in a statement that after taking over all core stack development, the team implemented new security and hiring protocols, which led to the discovery of this issue and prevented further contributions from the individual. The same person later applied for a position again but was flagged and rejected.

ICL stated that since February, it has implemented comprehensive security upgrades across all core Cosmos repositories, including revoking old access permissions, re-licensing all contributors, rotating credentials, and enhancing audit controls.

Source: The Block