Interchain Labs: North Korea-linked attackers accidentally introduced, no security issues found and bounty doubled

Odaily Planet News - Interchain Labs has confirmed that an individual later identified as being associated with North Korea contributed to the Cosmos code repository during the period from 2022 to 2024 while employed by a former maintainer. The individual had limited access to the cosmos/IAVL and cosmos/cosmos-sdk repositories, and most of their contributed code has been deprecated or excluded from the roadmap. An independent audit found no risk vulnerabilities. To support transparency, ICL will provide a one-month double bounty on the Cosmos HackerOne page for discovering vulnerabilities related to the participant's GitHub account. After taking over core stack development, ICL implemented new security protocols, blocking further contributions from this person and rejecting their subsequent job applications. ICL has conducted security upgrades on all Cosmos core repositories and will deprecate related code libraries in the future. This incident highlights the need for rigorous security procedures in Web3 and broader technology fields. (The Block)