defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Beefy Finance's assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 advisory-only signal (tier-C). No public Chainalysis/TRM/OFAC report links a known threat-actor cluster to Beefy vault interactions. The 2024 Sonne Finance exploit involved attackers potentially routing funds through Optimism — Beefy suspended its 9 Sonne vaults defensively; any attacker routing through Beefy constitutes indirect pass-through (Cat 11 U4: attacker routing through protocol is NOT team contamination). No DPRK-attributed cluster interaction with Beefy core contracts found in public data. Cannot confirm or deny without licensed Chainalysis private cluster feed.

Sources #

  • URL
    Beefy on X — Sonne Finance responseBeefy response to Sonne Finance exploit — suspended vaults, no attacker-team linkretrieved 2026-05-16
  • Internal
    Beefy data cache — Rekt00-data-cache.json — rekt.incidents: [] (no direct Beefy incidents attributable to threat actor)retrieved 2026-05-16

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol beefy factor RD-F-158 score gray collected_at 2026-05-16 13:10:30