★ Deployer wallet mixer-funded within 30 days
A dev identity & insider risk factor in the v1.7.0 rubric. Measured per protocol on a s cadence.
Methodology how we score #
**What this measures** This factor checks whether the wallet that deployed the protocol's primary contracts received funds via a privacy mixer — Tornado Cash, Railgun, or a comparable service — within the 30 calendar days prior to the deployment transaction. Measurement is programmatic: on-chain transaction graph analysis traces the deployer address back through its funding source, flagging any mixer cluster within a 30-day look-back window. Category 7 context: the mixer-funded deployer pattern is the single most reliable structural precursor to a deliberate rug or exit scam, as it establishes operational anonymity before the protocol receives user deposits.
**Why it matters** A deployer who funds their wallet through a mixer immediately before launch is making an active choice to sever the financial identity trail that would otherwise link the deployment to a real-world identity. Across the T-01 hack database this pattern appears in approximately eight in-sample cases with rug or insider-drain outcomes. While legitimate privacy-focused developers occasionally use mixers for personal transactions, the 30-day pre-deploy window narrows the signal to intentional pre-launch obfuscation rather than incidental mixing. The combination of mixer funding, pseudonymous team, and no audit is the highest-probability rug precursor combination in the dataset.
**Green / Yellow / Red** Green is scored when the deployer's funding history for the 30 days pre-deploy is fully traceable to identifiable on-chain sources — CEX withdrawal, ENS-linked wallet, or prior audited-protocol interactions. Yellow applies when funding is partially obscured (e.g., the deployer received funds from an intermediary wallet whose own history is opaque) but no direct mixer-cluster hop is confirmed within the window. Red is scored when on-chain analysis confirms a direct Tornado Cash, Railgun, or equivalent mixer withdrawal to the deployer address within 30 days of the first protocol deployment, triggering the critical flag.
**Common gray cases** Gray is assigned when the deployer address predates the protocol by many years and mixer interactions are present but outside the 30-day window, or when the mixer interaction is to a non-deployer address that subsequently funded the deployer through multiple intermediate hops exceeding the three-hop cluster definition.
**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.
**★ Critical factor** A confirmed direct mixer-to-deployer funding event within 30 days of deployment is alone sufficient to trigger a D or F grade under rubric v1.7.0; it represents a deliberate choice to eliminate identity accountability before accepting user funds.
Measurement what to look for #
Determine whether the deployer wallet received funds via Tornado Cash, Railgun, or similar mixer within 30 days before the protocol's first deploy.