Mixer withdrawal → protocol interaction

Hyperliquid's assessment for RD-F-090 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

October–December 2024: DPRK-attributed wallets (attributed by Taylor Monahan / MetaMask security and on-chain clustering consistent with Chainalysis attribution) deposited ETH ($476,489) and traded on Hyperliquid. Attribution meets the ≥2-sources threshold. The $476k ETH deposit meets the >$100k interaction threshold. Whether these wallets had a mixer withdrawal within 30 days pre-interaction is not confirmed via public data — requires Chainalysis private feed. At April 2026 assessment date no new confirmed DPRK interaction since the December 2024 response. Signal would have fired at the December 2024 event date if live. Current posture: cleared for the specific wallets, but baseline risk remains elevated given confirmed historical interaction.

Sources #

URL
https://www.coindesk.com/markets/2024/12/23/hyper-liquid-sees-record-60-m-in-usdc-flee-as-north-korea-said-to-be-probing-perpetuals-exchangeretrieved 2026-04-28
URL
https://beincrypto.com/north-korean-hackers-target-hyperliquid/retrieved 2026-04-28

Methodology #

Detect whether a wallet that recently withdrew from Tornado Cash, Railgun, or similar mixer has interacted with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-090 score yellow collected_at 2026-04-28 13:58:49