Interchain Labs Identifies DPRK-Linked Social Engineering Attempt, Strengthens Security

Coin World
Monday, Jun 16, 2025 9:17 am ET

Interchain Labs (ICL), in collaboration with the Security Alliance (SEAL) and Asymmetric Research (AR), has released a comprehensive security report detailing a contained social engineering attempt linked to the Democratic People’s Republic of Korea (DPRK). The report confirms that there is no impact on the security of the Cosmos Stack as a result of these past contributions.

The individual in question was employed by former Core Stack maintenance vendors from mid-2022 to November 2024. Following the establishment of

and the retirement of the third-party maintenance model, new security and hiring protocols were introduced. These protocols identified the issue and prevented further contributions from the individual. The report highlights that the individual’s contributions and access under previous maintainers were limited to specific repositories, namely cosmos/IAVL and cosmos/cosmos-sdk.

Upon identifying the individual, ICL and AR took proactive security measures to guard against risks of persistent access and removed unnecessary contributors. ICL's secure hiring policies re-identified this actor when he applied to ICL as a new job applicant, and he was rejected. A comprehensive investigation was launched, reviewing all contributions regardless of deployment status. The reviews concluded that nearly all SDK code authored by this actor had already been deprecated or excluded from the roadmap during ICL's post-reorg transition, especially due to the cancellation of SDK v2. Extensive multi-party independent audits found no risks or vulnerabilities in the already released IAVL and Cosmos SDK contributions.

Since February, ICL has been executing a series of security upgrades across all Cosmos core repositories. These upgrades include revoking legacy access, re-permissioning all contributors, rotating credentials, and securing any integrations or token configurations. GitHub permissions were systematically hardened through rulesets enforcing uniform branch protection and extended audit capabilities across the entire Cosmos GitHub organization. These measures have been reinforced in the wake of this incident.

To promote continued security and transparency, ICL is inviting the community to participate in surfacing any overlooked issues associated with the individual. For the next month, Cosmos’ HackerOne page will offer doubled bounty rewards for any qualifying vulnerability associated with the GitHub account “cool-develope.”

Barry Plunkett, Co-CEO of Interchain Labs, emphasized the urgent need for more widely adopted and rigorous security procedures within the Web3 ecosystem and beyond. He stated that transparency and security are top priorities within the Cosmos ecosystem. Since unifying the development of the Cosmos Stack under ICL, rigorous security standards have been updated and enforced across the stack, enabling the prevention of any further contributions from the individual involved. While no indication of malicious code contributed by the DPRK actor was found, ICL is incentivizing further community review through its bounty program and plans to completely deprecate the codebase through the planned release of IAVL v2, which is a full rewrite.

With all contributions to the Cosmos Stack now consolidated under Interchain Labs, the Foundation can implement more efficient security practices and enforce human-resources guardrails. This progress was evident when the same actor attempted to re-apply under a new alias to ICL for an engineering role earlier this year and was rejected after being flagged as a potentially malicious actor.

Jonathan Claudius from Asymmetric Research highlighted that this case serves as a reminder that open-source ecosystems require proactive, continuous security. He noted that transparency not only builds trust but also surfaces lessons that others can apply to strengthen their own systems. These learnings benefit the broader ecosystem and reinforce the importance of layered, collaborative defense strategies. An intensified focus on proactive security, along with initiatives such as the Security Alliance, will help make the Web3 space stronger and more resilient.
