★ Deployer linked within 3 hops to DPRK/Lazarus
Chainlink CCIP's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No OFAC SDN listing for Chainlink Labs, Sergey Nazarov, Steve Ellis, or any Chainlink entity. No Chainalysis-labeled Lazarus cluster linkage at deployer EOA or identified funding hops. OSINT search combining 'Chainlink Labs' + DPRK/Lazarus/North Korea developer 2024-2025 returned zero adverse results. Chainlink Labs achieved ISO 27001 + SOC 2 Type 2 (Deloitte-audited) certifications implying third-party-verified security management. U4 applied: CCIP being used as drain-venue by attackers in unrelated exploits does NOT flag F125 — belongs in Cat 5/Cat 11.
Sources #
- EtherscanDeployer EOA | Etherscan — no OFAC/Lazarus labelDeployer EOA 0x5c19826...89414 and 1-hop funder 0x61E5E1ea8... — no OFAC/Lazarus labels on Etherscanretrieved 2026-05-16
- Chainlink Services Achieve ISO 27001 and SOC 2 ComplianceChainlink ISO 27001 + SOC 2 certifications — independent Deloitte audit of ISMS covering CCIPretrieved 2026-05-16
- ZachXBT DPRK developer infiltration report — Chainlink Labs not mentionedOSINT search: Chainlink Labs DPRK Lazarus North Korea developer 2024 2025 — zero results linking Chainlink Labs to DPRK clusterretrieved 2026-05-16
Methodology #
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
See the full factor methodology and distribution across all protocols →