Known-threat-actor cluster has touched protocol

deBridge's assessment for RD-F-158 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

**Phase:** v1 phase 2 · Tier C (advisory only — never flips letter grade solo) **Threshold:** Address from threat-actor cluster interacted with the protocol within last 30 days AND cluster has ≥1 confirmed exploit attribution AND interaction is a state change or non-trivial read. **Finding:** *Layer 1 — Direct team targeting (August 2022):* Lazarus Group conducted a targeted spear-phishing campaign against deBridge employees on August 5, 2022. The attack spoofed co-founder Alex Smirnov's emai...

Sources #

URL
https://www.coindesk.com/business/2022/08/05/north-koreas-lazarus-hackers-blamed-in-debridge-finance-cyberattackretrieved 2026-05-06
URL
https://www.trmlabs.com/resources/blog/north-korean-hackers-attack-drift-protocol-in-285-million-heistretrieved 2026-04-28
URL
https://www.halborn.com/blog/post/attempted-debridge-hack-underscores-threat-of-phishing-attacksretrieved 2026-04-28
URL
https://www.coindesk.com/business/2022/08/05/north-koreas-lazarus-hackers-blamed-in-debridge-finance-cyberattackretrieved 2026-04-28
URL
https://www.elliptic.co/blog/drift-protocol-exploited-for-286-million-in-suspected-dprk-linked-attackretrieved 2026-04-28

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol debridge factor RD-F-158 score red collected_at 2026-04-28 01:27:58