This content is provided by a sponsor.
New York City, United States – Monday, 16th June, 2025 – Interchain Labs (ICL), in collaboration with the Security Alliance (SEAL) and Asymmetric Research (AR), has published a security report on past contributions to Cosmos repositories by an individual later identified as linked to the Democratic People’s Republic of Korea (DPRK). This individual was employed by former Core Stack maintenance vendors from mid-2022 to November 2024, before ICL was established and the third-party maintenance model was retired. Following ICL’s formation and takeover in full of all core stack development responsibilities, new security and hiring protocols were introduced that surfaced the issue and prevented further contributions. The report confirmed that there are no immediate or future risks to the Cosmos architecture as a result of these past contributions.
Once the actor was identified, ICL and AR took proactive security action to guard against the risk of persistent access, and removed unnecessary contributors. The implementation of ICL’s secure hiring policies also resulted in the re-identification of this actor as a new job applicant to ICL, and his rejection.
The report itself found that the individual’s contributions and access under previous maintainers had been limited to the following repositories:
- cosmos/IAVL
- cosmos/cosmos-sdk
After being made aware of the individual’s identity, ICL launched a comprehensive investigation in collaboration with Asymmetric Research (AR), reviewing all contributions—regardless of deployment status. These reviews concluded that nearly all SDK code authored by this actor had already been deprecated or excluded from the roadmap during ICL’s post-reorg transition, especially as a result of the cancellation of SDK v2. In review of already released IAVL and Cosmos SDK contributions, no risks or vulnerabilities were found after extensive multi-party independent audits.
Since February, ICL has been executing a series of security upgrades across all Cosmos core repositories. These include revoking legacy access, re-permissioning all contributors, rotating credentials, and securing any integrations or token configurations. GitHub permissions were systematically hardened through rulesets enforcing uniform branch protection and extended audit capabilities across the entire Cosmos GitHub organization. These measures have been reinforced in the wake of this incident.
To promote continued security and transparency, ICL is inviting the community to participate in surfacing any overlooked issues associated with the individual. For the next month, Cosmos’ HackerOne page will offer doubled bounty rewards for any qualifying vulnerability associated with the GitHub account “cool-develope.”
Barry Plunkett, Co-CEO of Interchain Labs, said: “Incidents like this showcase the urgent need for more widely adopted and rigorous security procedures, not just within the Web3 ecosystem but across the broader tech landscape. Transparency and security are our top priority within the Cosmos ecosystem. Since unifying the development of the Cosmos Stack under ICL this year, we’ve updated and enforced rigorous security standards across the stack. This enabled us to prevent any further contributions from the individual involved under our leadership. While we have found no indication of malicious code contributed by the DPRK actor, we are incentivizing further community review through our bounty program, and will be completely deprecating the codebase through our planned release of IAVL v2 which is a full rewrite.”
With all contributions to the Cosmos Stack now consolidated under Interchain Labs, the Foundation can implement more efficient security practices and enforce human-resources guardrails that give the entire stack a blanket defence against infiltration, eliminating reliance on third-party providers with varying risk tolerance. This progress showed quickly when the same actor attempted to re-apply to ICL under a new alias for an engineering role earlier this year, and was rejected after being flagged as a potential malicious actor.
Jonathan Claudius, from Asymmetric Research, said: “This case serves as a reminder that open-source ecosystems require proactive, continuous security. Cosmos isn’t the first ecosystem to be infiltrated by malicious actors and won’t be the last. Transparency not only builds trust, but surfaces lessons that others can apply to strengthen their own systems. These learnings benefit the broader ecosystem and reinforce the importance of layered, collaborative defense strategies. An intensified focus on proactive security, along with initiatives such as the Security Alliance, will help make the web3 space stronger and more resilient.”
Barry Plunkett and Brandon Pate are available for comment.
About Interchain Labs:
Interchain Labs is the development and growth team for Cosmos, a decentralized network of independent, scalable, sustainable, and interoperable blockchains. Cosmos is one of the largest blockchain ecosystems, with more than 250 apps and services and over $41 billion USD market cap. Interchain Labs leads development for the Cosmos Hub, Cosmos ecosystem, and Interchain Stack – a software suite for building blockchains. Interchain Labs is striving to build a more free and fair internet with the Cosmos platform at the core. For further information, visit https://interchain.io/.
About AR
Asymmetric Research (AR) is a boutique security venture specializing in long-term partnerships with L1/L2 blockchains and DeFi protocols. Its core work spans four key domains of web3 security: research, incident response, engineering, and infrastructure services. AR helps teams build resilient systems, strengthen security posture, and proactively address emerging threats.
About SEAL
SEAL is a coalition of leading security teams and protocols in web3, working together to raise the standard of blockchain security through collaboration, information sharing, and rapid response. By aligning incentives and establishing shared frameworks, SEAL protects the ecosystem from threats and exploits, fostering a safer, more resilient future for decentralized technologies.
For media queries, please contact: interchain@wachsman.com