Known-threat-actor cluster has touched protocol

Aerodrome Finance's assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cat 11: known-threat-actor cluster has touched protocol. CTI feed (Chainalysis/TRM private clusters) not publicly accessible for dry-run. The three historical frontend attacks (2023 Ã—2, 2025-11-21) were attributed to domain registrar social engineering / NameSilo insider threat â€” not known on-chain threat-actor clusters interacting with smart contracts. No public threat-intelligence report attributes Lazarus/APT38/known DeFi attacker clusters to Aerodrome contract interactions. Public-proxy observation: negative. Signal requires CTI feed.

Sources #

URL
Aerodrome Finance Hack Explanation â€” HalbornHalborn: 'Explained: The Aerodrome Finance Hack (November 2025)' â€” attributes attack to NameSilo insider threat, not on-chain threat actor clusterretrieved 2026-05-04

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aerodrome factor RD-F-158 score gray collected_at 2026-05-04 19:56:03