★ Deployer linked within 3 hops to DPRK/Lazarus
Convex Finance's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No OFAC SDN designation for deployer 0x947B7742 or c2tp.eth signer 0xAAc0aa431c237C2C0B5f041c8e59B3f1a43aC78F. No Chainalysis public report, Arkham label, or Nansen label links the Convex deployer or any named team member to DPRK/Lazarus cluster. Web search 'Convex Finance C2tP DPRK Lazarus North Korea' returns zero protocol-specific results. OZ 2021 disclosure raises anonymous-team concerns but no nation-state affiliation. The July 2023 Curve/Vyper attacker wallets that drained pools where Convex held LP positions are NOT team proximity (per U4 instruction: external attacker using cvxCRV as drain venue is not team contamination; route to Cat 5/11 only). Not triggered. Note: 2-hop and 3-hop traces require Chainalysis API access not available; assessed on best available public evidence.
Sources #
- URLOFAC Sanctions SearchOFAC SDN List search for Convex Finance, C2tP, and associated addresses; no designations foundretrieved 2026-05-16
- $15 Billion Rugpull Vulnerability Uncovered and Resolved - OpenZeppelinOpenZeppelin vulnerability disclosure; notes anonymous team but raises no nation-state affiliation concernsretrieved 2026-05-16
Methodology #
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
See the full factor methodology and distribution across all protocols →