defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

GMX v2 (GMX Synthetics)'s assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed DPRK/Lazarus cluster interaction with GMX v2 core contracts (ExchangeRouter, DataStore, OrderVault) documented in public sources at assessment date 2026-05-05. The July 2025 v1 exploit attacker is not publicly attributed to DPRK/Lazarus — they accepted a $5M white-hat bounty and returned the remaining funds. No Hyperliquid-equivalent DPRK reconnaissance episode documented for GMX v2. North Korean Lazarus Group 2025-2026 attacks targeted Bybit ($1.5B), Bitrefill, and broader crypto firms but GMX v2 not specifically named. Threshold: address from curator-maintained threat-actor cluster interacted with protocol core contracts within 30 days.

Sources #

  • URL
    https://www.halborn.com/blog/post/explained-the-gmx-hack-july-2025retrieved 2026-05-05
  • URL
    https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.htmlretrieved 2026-05-05

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-158 score green collected_at 2026-05-05 11:15:06