“Interchain Labs confirmed that between 2022 and 2024, one of the developers involved in working on the projects of the Cosmos ecosystem was related to North Korea. The Investigation Identified The Malicious Actor As An Engineer Employed by Former Core-Stack Maintenance Vendors Between 2022 and 2024, Prior to the Formation and Takeover of ICl […]”, – WRITE: Businessua.com.ua
Interchain Labs confirmed that between 2022 and 2024, one of the developers involved in working on the projects of the Cosmos ecosystem was related to North Korea.
The Investigation Identified The Malicious Actor As An Engineer Employed by Former Core-Stack Maintenance Vendors Between 2022 and 2024, Prior to the Formation and Takeover of.
This incident was Contained Through Structural Reforms. After…
– Interchain Foundation (@interchain_io) June 16, 2025
The participant worked on a third -party contractor even before the centralization of stack development. After transmitting Interchain Labs control, his access was blocked.
The developer acted under the pseudonym of Cool-Develope and had limited access to two repositories-Cosmos/IAVL and Cosmos/Cosmos-SDK. According to the joint audit of Interchain Labs, Security Alliance and Asymmetric Research, most of the changes he had not been released – they were rejected with the cancellation of SDK V2. No active vulnerability was detected.
In order to enhance Interchain Labs transparency, it has temporarily doubled the bugs on the Cosmos page at Hackerrone, in particular, for identifying potential problems related to the COOL-DELEPE code.
The company emphasized that the incident happened before the centralization of the development of stack under the direction of Interchain Labs. Subsequently, new personnel inspection protocols and access were introduced, which revealed the developer’s connection with the DPRK. Subsequently, he tried to re -settle in the project, but was rejected after the check.
“We have updated all the safety protocols, withdrew old access, redefined roles, changed the keys and strengthened control over the contributions to the repositories,” said ICL Barry Plankett.
According to him, security threats were not recorded, but the community was called for further verification. The code to which the developer had access will be completely rewritten in the new version of IAVL V2.
CEO Asymmetric Research Jonathan Claudius called the incident indicative:
“Open code ecosystems require constant proactive safety work. Cosmos is not the first ecosystem to which the attackers have penetrated and it will be the last ”
In October 2024, it was found out that the North Korean Programmers were written part of the code for the LSM module (LSM). Then Cosmos co -founder Je Kwon accused CEO Iqlusion Zaki Mania (LSM developer) in negligence – he hid the fact of the incident from the community.
We will remind, according to Silent Push report, the Contagious Interview group, connected with the North Korean Hacker Organization of Lazarus, registered three false companies for the distribution of harmful software.
The gun
Please wait …