defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

BENQI's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-threat-actor wallet proximity signal (v1 phase 2, tier-C advisory). No confirmed DPRK/Lazarus wallet touch on BENQI contracts in public on-chain data as of 2026-05-16. However: (1) Lazarus Group used Avalanche C-Chain as a laundering route in the Atomic Wallet 2023 hack — WETH bridged to Avalanche, swapped to WBTC, bridged to Bitcoin (TRM Labs Bybit hack report documents Avalanche as a documented DPRK money-flow route); (2) BENQI is the dominant Avalanche DeFi lending and LST venue, making it a natural reconnaissance target within the observed operational theatre; (3) Kelp DAO April 2026 ($292M) attributed to Lazarus — consistent Lazarus targeting of DeFi lending/bridge protocols; (4) per methodology U4 instruction: any DPRK venue-use → F158 yellow (Cat 11), not team contamination. BENQI has Chainalysis CIR partnership (Nov 2023) providing team-side access to threat-actor monitoring; dashboard does not yet have equivalent licensed feed access for independent confirmation. Definit

Sources #

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol benqi factor RD-F-158 score yellow collected_at 2026-05-16 11:02:12