Known-threat-actor cluster has touched protocol

ether.fi's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed known-threat-actor wallet cluster interaction with ether.fi protocol core contracts identified in public data. KelpDAO ($292M Lazarus, Apr 18 2026) used rsETH (peer LRT) — same sector, same LayerZero OFT architecture, but no direct ether.fi touch confirmed. Signal requires licensed CTI feed; public-proxy observation: no confirmed interaction.

Sources #

Curator note
LiquidityPool — no attacker interaction observedRequires licensed Chainalysis/TRM feed for confirmed cluster interaction assessment; no public data confirms ether.fi-specific touchretrieved 2026-04-28
URL
LayerZero pins KelpDAO hack on Lazarus Group — DecryptLayerZero attributes KelpDAO $292M exploit to Lazarus/DPRK; ether.fi is peer LRT but not directly targetedretrieved 2026-04-28

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ether-fi factor RD-F-158 score green collected_at 2026-04-28 13:58:46