Interchain Labs: Former Cosmos maintainer unintentionally introduced North Korea-linked contributor; no security issues found, bounty doubled

PANews|Jun 16, 2025 13:11
According to The Block, Interchain Labs (ICL) has confirmed that an individual later identified as linked to North Korea contributed to the Cosmos codebase while employed by a former maintainer between 2022 and 2024. The individual had only limited access to two code repositories, Cosmos/IAVL and Cosmos/Cosmos SDK. Most of the code they contributed has been deprecated or excluded from the roadmap, and independent audits have not identified any vulnerabilities.
To support transparency, ICL will offer a one-month double bounty on the Cosmos HackerOne page for vulnerabilities discovered in connection with the contributor's GitHub account. After ICL took over development of the core stack and implemented a new security protocol to prevent further contributions, the person's reapplication for the position was rejected. ICL has upgraded the security of all Cosmos core code repositories and will abandon the related code repositories in the future. The incident highlights the need for strict security procedures in Web3 and the broader technology field.