Cosmos SDK - GitHub Contributor - Malicious Actor
Contents
# Cosmos SDK - GitHub Contributor - Malicious Actor - 2025-05-05
## What happened?
Between summer 2022 and November 2024, a GitHub contributor operating under the alias cool-develope contributed to several Cosmos repositories while affiliated with a DPRK IT operation. This individual was employed by previous Core Maintainer teams (Regen Network Development, and Binary Builders) unknowingly, under the legacy third-party core stack maintenance model, prior to the formation of Interchain Labs (ICL).
When ICL assumed formal responsibility for the Cosmos Core Stack in November 2024, this third-party maintenance model was deprecated, and all development was concentrated back on ICL as the sole development group. ICL introduced rigorous security policies, hiring protocols, and access controls. These changes ultimately led to the identification and removal of the actor.
A full investigation, conducted in partnership with Asymmetric Research (AR), has since confirmed that no active vulnerabilities or malicious code exist in the Cosmos Core Stack as …
## What happened?
Between summer 2022 and November 2024, a GitHub contributor operating under the alias cool-develope contributed to several Cosmos repositories while affiliated with a DPRK IT operation. This individual was employed by previous Core Maintainer teams (Regen Network Development, and Binary Builders) unknowingly, under the legacy third-party core stack maintenance model, prior to the formation of Interchain Labs (ICL).
When ICL assumed formal responsibility for the Cosmos Core Stack in November 2024, this third-party maintenance model was deprecated, and all development was concentrated back on ICL as the sole development group. ICL introduced rigorous security policies, hiring protocols, and access controls. These changes ultimately led to the identification and removal of the actor.
A full investigation, conducted in partnership with Asymmetric Research (AR), has since confirmed that no active vulnerabilities or malicious code exist in the Cosmos Core Stack as …