Interchain Labs (ICL) has revealed that a contributor linked to North Korea was involved in the Cosmos codebase development from 2022 to 2024. The individual, who had limited access to the cosmos/IAVL and cosmos/cosmos-sdk codebases, contributed code that has since been deprecated or excluded from future plans. Independent audits have confirmed no security vulnerabilities were introduced. In response to the discovery, ICL has doubled the bounty on the Cosmos HackerOne page for one month to encourage the identification of any vulnerabilities related to the contributor's GitHub account. Following the incident, ICL has implemented enhanced security protocols and rejected the individual for further positions. The company has also upgraded security across all Cosmos core codebases and plans to deprecate related codebases, underscoring the importance of stringent security measures in the Web3 sector.