★ Deployer linked within 3 hops to DPRK/Lazarus
Ethena's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
[★ CRITICAL — GREEN, medium confidence] No evidence of deployer wallet proximity to DPRK/Lazarus cluster found in OFAC SDN list, Chainalysis published cluster reports, or web OSINT. The Kelp DAO April 2026 LayerZero exploit (attributed to Lazarus/UNC4736 by The Block/LayerZero) caused Ethena to pause its OFT bridge as a precautionary measure — this is DPRK as an external attacker against ecosystem infrastructure, not a team-side linkage. ETH Rangers/Ethereum Foundation DPRK developer exposure initiative has not publicly named Ethena Labs as a target as of 2026-04-28. The Drift Protocol UNC4736 $285M April 2026 attack (6-month social-engineering) is not linked to Ethena. No team member or deployer wallet connection to DPRK cluster confirmed. No discretionary F downgrade required.
Sources
- ETH Rangers: 100 DPRK developers in crypto — Ethena not named. https://crypto.news/ethereum-foundation-funded-project-exposes-100-dprk-developers-operating-in-crypto/ (retrieved 2026-04-28)
- LayerZero says North Korea's Lazarus likely behind Kelp DAO exploit | The Block. https://www.theblock.co/post/398028/layerzero-kelp-dao-lazarus (retrieved 2026-04-28)
- Drift $285M crypto theft linked to 6-month in-person DPRK operation. https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/ (retrieved 2026-04-28)
Methodology
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
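The hop check in the methodology can be expressed as a hop-bounded breadth-first search over a transfer graph. This is an added example, not the assessment's own tooling; the address names, the transfer list, the undirected treatment of transfers and the `skip` set for shared service wallets (which otherwise create false proximity) are assumptions.

```python
from collections import deque

MAX_HOPS = 3  # threshold stated in the methodology

def build_graph(transfers):
    """Undirected adjacency map from (sender, receiver) pairs (assumption:
    funds moving in either direction count as a link)."""
    graph = {}
    for src, dst in transfers:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set()).add(src)
    return graph

def path_to_labeled(graph, deployer, labeled, max_hops=MAX_HOPS, skip=()):
    """Shortest path from deployer to any labeled address within max_hops,
    never traversing addresses in skip. Returns a list or None."""
    if deployer in labeled:
        return [deployer]
    parent = {deployer: None}
    queue = deque([(deployer, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue  # hop budget spent: do not expand further
        for nxt in sorted(graph.get(node, ())):
            if nxt in parent or nxt in skip:
                continue
            parent[nxt] = node
            if nxt in labeled:
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append((nxt, hops + 1))
    return None

# Constructed sample data: placeholder names, not real addresses.
LABELED = {"0xLABELED"}           # stands in for an OFAC/Chainalysis label set
SERVICE = {"0xEXCHANGE_HOT"}      # hypothetical shared service wallet
GRAPH = build_graph([
    ("0xDEP_A", "0xA1"), ("0xA1", "0xA2"), ("0xA2", "0xLABELED"),
    ("0xDEP_B", "0xB1"), ("0xB1", "0xB2"), ("0xB2", "0xB3"),
    ("0xB3", "0xLABELED"),
    ("0xDEP_C", "0xEXCHANGE_HOT"), ("0xEXCHANGE_HOT", "0xLABELED"),
])
```

A returned path is the evidence trail to review by hand; `None` means no link was found within the hop budget in the data supplied, not that none exists.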