defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Euler V2's assessment for RD-F-158 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[downgraded: only curator_note evidence] Chainalysis (2023) documented 100 ETH from Euler V1 exploiter to Ronin/Lazarus-linked address. Attribution confidence: low-medium (Chainalysis noted possible false flag). V1 exploiter money, not Lazarus wallet touching V2 contracts. No confirmed DPRK cluster interaction with V2. Yellow due to V1 tangential Lazarus link and protocol class being within DPRK target preference (large EVM lending).

Sources #

  • Curator note
    Chainalysis: 100 ETH V1 exploiter->Lazarus-linked address (2023)retrieved 2026-05-04
  • Curator note
    cryptopotato.com Lazarus interaction with V1 exploiter walletretrieved 2026-05-04
  • Curator note
    rekt.incidents: [] -- no V2 DPRK incident confirmedretrieved 2026-05-04
  • Curator note
    newsbtc.com/news/north-korean-hackers-involved-in-euler-finance-exploit-chainalysisretrieved 2026-05-04

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol euler-v2 factor RD-F-158 score not_assessed collected_at 2026-05-04 19:56:06