Contributor paid to DPRK-cluster wallet

Jupiter Perpetual Exchange's assessment for RD-F-122 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No contributor payment-to-wallet data found routing toward DPRK cluster. Upgrade authority wallets are unverified, preventing full trace. No OFAC SDN match for any publicly identified team member. The Drift 2026-04-01 attacker used Jupiter's aggregator swap interface to convert stolen assets — this is a passive-venue use (U4 rule), not a contributor payment channel, and does not implicate any Jupiter contributor wallet.

Sources #

URL
North Korean Hackers Attack Drift Protocol in $285M Heist | TRM LabsTRM Labs — North Korean Hackers Attack Drift Protocol in $285M Heistretrieved 2026-05-16
URL
Drift Protocol Exploited for $286M in Suspected DPRK-Linked Attack | EllipticElliptic — Drift Protocol exploited for $286M in suspected DPRK-linked attackretrieved 2026-05-16

Methodology #

Determine whether protocol payments to any contributor wallet have an on-chain path ≤3 hops to a known DPRK-labeled cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-122 score green collected_at 2026-05-16 01:53:11