Known-threat-actor cluster has touched protocol
Cap (cUSD / stcUSD)'s assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
T-09 phase-2 signal (advisory, tier-C). No known threat-actor wallet interaction with Cap found in public sources. Web searches for 'cap.app' + 'Lazarus' / 'DPRK' / 'threat actor' / 'attacker' returned zero Cap-specific attribution results (only general DPRK crypto-crime trend articles). Zero protocol-level incidents per profile §10. Data cache rekt entries (Radiant Capital x2, Rari Capital, Midas Capital x2) are all false positives per U-rule U22 (keyword match, unrelated protocols). Requires partner feed (Chainalysis/TRM) for live monitoring; public-proxy observation is clean. Note: an adversary *using* cUSD as a venue (e.g., borrowing from Cap post-exploit) would be a Cat 5 / Cat 11 yellow at most, not team contamination — per U4/U15 distinction.
Sources
- Hacker News — Lazarus Group coverage (no Cap-specific results found). Web search: 'cap.app Lazarus DPRK threat actor 2025 2026' — no Cap-specific results. Retrieved 2026-05-17.
- Cap protocol profile — no incidents, rekt false positives. research/protocols/cap/00-profile.md §10 (zero protocol-level incidents) and §11 (rekt cache false positives). Retrieved 2026-05-17.
Methodology
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.