defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Kamino Lend's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed Lazarus/attacker-cluster wallet interaction with klend identified from public sources. Elevated ambient threat: Drift ($285M) and KelpDAO ($292M) both DPRK-attributed in April 2026. Kamino is highest-TVL Solana lending protocol — a logical high-value target.

Detail #

Two major Solana DeFi exploits in April 2026 confirmed DPRK/Lazarus attribution: Drift Protocol $285M (UNC4736 6-month social engineering) and KelpDAO $292M (LayerZero 1/1 DVN). Kamino (~$1.5B TVL) is the largest remaining Solana lending target. No confirmed Lazarus-cluster wallet interaction with klend program KLend2g3cP87fffoy8q1mQqGKjrxjC8boSyAYavgmjD identified from OSINT. Requires Chainalysis/TRM Solana cluster feed to confirm or deny.

Sources #

  • URL
    $285M Drift Hack DPRKDrift $285M exploit traced to 6-month DPRK social engineering (UNC4736) — The Hacker News April 2026retrieved 2026-04-27
  • URL
    KelpDAO $292M DPRK attributionKelpDAO $292M LayerZero exploit attributed to Lazarus Group — Yahoo Finance April 2026retrieved 2026-04-27

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol kamino-lend factor RD-F-158 score yellow collected_at 2026-04-30 21:19:16