Known-threat-actor cluster has touched protocol
Jito's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Drift Protocol exploit (2026-04-01, UNC4736/DPRK, $285M): JitoSOL tokens ($3.6M) among 18 asset types drained from Drift. DPRK wallets interacted with Drift Protocol contracts, NOT with Jito program addresses (Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb, T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt, 4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7). Signal requires interaction with Jito's own protocol contracts. The Drift exploit targeted Drift's privileged access (SC compromise via 6-month social engineering), not Jito programs. Doxxed Jito founders (Lucas Bruder, Zanyar Sherwani) show no DPRK affiliation. T-09 v1 phase-2 advisory signal.
Sources
- The Hacker News — Drift Hack DPRK Attribution. The Hacker News: '$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation' — confirms Drift (not Jito) was the target. Retrieved 2026-04-29.
- Chainalysis — Lessons from the Drift Hack. Chainalysis blog: 'Lessons from the Drift Hack' — confirms UNC4736 attribution, asset types drained including JitoSOL $3.6M from Drift's custody. Retrieved 2026-04-29.
Methodology
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
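One way to implement this check, as an added example (not the curator's own code). It assumes "interacted" means a cluster address signed a transaction that invoked one of the protocol's own program addresses; the cluster wallets, non-Jito program names and transactions are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

# Jito program addresses as listed in the evidence summary.
JITO_PROGRAMS = {
    "Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb",
    "T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt",
    "4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7",
}
# Constructed placeholders: the curator's real cluster list is not on the page.
CLUSTER = {"CLUSTER_WALLET_A", "CLUSTER_WALLET_B"}

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def cluster_hits(txs, as_of, programs=JITO_PROGRAMS, cluster=CLUSTER, days=30):
    """Signatures of transactions inside the lookback window where a cluster
    address signed AND one of the protocol's own programs was invoked."""
    hits = []
    for tx in txs:
        age = as_of - tx["block_time"]
        if not timedelta(0) <= age <= timedelta(days=days):
            continue  # outside the lookback window
        if cluster.isdisjoint(tx["signers"]):
            continue  # no known-threat-actor signer
        if programs.isdisjoint(tx["programs"]):
            continue  # the protocol's token may have moved, but its programs were not called
        hits.append(tx["signature"])
    return hits

# Constructed sample transactions (not real chain data).
SAMPLE = [
    # Cluster wallet moves JitoSOL held by another protocol: that protocol's
    # program and the token program are invoked, never a Jito program.
    {"signature": "sig-drain", "block_time": utc(2026, 4, 1),
     "signers": ["CLUSTER_WALLET_A"],
     "programs": ["OTHER_PROTOCOL_PROGRAM", "TOKEN_PROGRAM"]},
    # Unrelated user calling a Jito program.
    {"signature": "sig-user", "block_time": utc(2026, 4, 10),
     "signers": ["ORDINARY_WALLET"],
     "programs": ["Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb"]},
    # Cluster wallet calling a Jito program, but long before the window.
    {"signature": "sig-old", "block_time": utc(2026, 1, 15),
     "signers": ["CLUSTER_WALLET_B"],
     "programs": ["T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt"]},
]
# Hypothetical control case showing what a positive signal would look like.
CONTROL = SAMPLE + [{"signature": "sig-control", "block_time": utc(2026, 4, 20),
                     "signers": ["CLUSTER_WALLET_A"],
                     "programs": ["4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7"]}]
```
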