Cosmos SDK - GitHub Contributor - Malicious Actor

2025-05-05 Cosmos

https://github.com/cosmos/incidents/blob/main/general/2025/0505-github


A GitHub contributor using the alias cool-develope contributed to Cosmos Core Stack repositories between summer 2022 and November 2024 while affiliated with a DPRK IT operation. The activity affected cosmos-sdk, iavl, and cosmos-db under a legacy third-party maintenance model, but Interchain Labs and Asymmetric Research found no active vulnerabilities, malicious code, or suspicious behavior in reviewed commits, binaries, or CI artifacts. The contributor retained limited access until February 2025 because of uneven historical offboarding practices, after which ICL revoked legacy access, rotated credentials, disabled deploy keys, enforced GitHub protections, and centralized administration. Most SDK pull requests were tied to a deprecated store/v2 effort, while IAVL changes were audited by multiple teams and assessed as non-malicious. The incident matters because it shows DPRK IT operations seeking trusted maintainer access in critical Web3 infrastructure even when no compromise is ultimately found.
