★ Deployer linked within 3 hops to DPRK/Lazarus
Kinetiq's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No OFAC SDN match was found for deployer EOA 0xb05cb1a8188110ac2cb062996526b43179162509 or its 1-hop funding source 0xd0A8fc7f…. No Chainalysis, TRM Labs, or Elliptic public cluster label linking Kinetiq addresses to a DPRK/Lazarus cluster was found. The December 2024 Hyperliquid DPRK episode (DPRK-linked trading wallets on the Hyperliquid exchange) is a venue-use event by an external attacker, NOT a Kinetiq team or deployer nexus per the U4 disambiguation rule. No Kinetiq team member is named in any DPRK attribution report. Critical factor: GREEN.
Sources
- Hyperliquid DPRK record outflows — The Block: The Block Dec 2024 article on Hyperliquid DPRK — confirms DPRK-linked wallets used Hyperliquid exchange platform, NOT Kinetiq contracts; platform venue-use by external attacker (retrieved 2026-05-17)
- OFAC Sanctions List Search: OFAC SDN list search — no Kinetiq team member or address appears; Lazarus Group entries do not reference Kinetiq deployer (retrieved 2026-05-17)
- Kinetiq Deployer — HyperEVMScan: HyperEVMScan deployer and funder addresses — no OFAC or DPRK/Lazarus cluster labels detected (retrieved 2026-05-17)
Methodology
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
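The hop test in the methodology can be run as a bounded breadth-first search that returns the connecting path, so a reviewer can inspect each intermediate address. This is an added example, not the curator's or the rubric's own tooling; the transfer list, the address names and the choice to count a hop in either direction of fund flow are constructed assumptions.

```python
from collections import deque

MAX_HOPS = 3  # threshold stated in the methodology

# Constructed sample transfers as (sender, receiver); names are placeholders,
# not real addresses.
SAMPLE_TRANSFERS = [
    ("FUNDER_1", "DEPLOYER"),
    ("HOP_2", "FUNDER_1"),
    ("HOP_3", "HOP_2"),
    ("HOP_4", "HOP_3"),
]

def build_graph(transfers):
    """Undirected adjacency map (assumption: a hop counts in either
    direction of fund flow)."""
    graph = {}
    for sender, receiver in transfers:
        graph.setdefault(sender, set()).add(receiver)
        graph.setdefault(receiver, set()).add(sender)
    return graph

def path_to_labeled(graph, deployer, labeled, max_hops=MAX_HOPS):
    """Return the shortest address path from deployer to any labeled
    address within max_hops, or None if no such path exists."""
    if deployer in labeled:          # 0 hops: the deployer itself is labeled
        return [deployer]
    seen = {deployer}
    queue = deque([[deployer]])
    while queue:
        path = queue.popleft()
        if len(path) - 1 == max_hops:  # hop budget spent on this branch
            continue
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt in seen:
                continue
            if nxt in labeled:
                return path + [nxt]
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    g = build_graph(SAMPLE_TRANSFERS)
    print(path_to_labeled(g, "DEPLOYER", {"HOP_3"}))  # exactly 3 hops
    print(path_to_labeled(g, "DEPLOYER", {"HOP_4"}))  # 4 hops, out of range
```

Returning the path rather than a boolean lets the reviewer check whether an intermediate hop is a shared venue such as an exchange wallet before treating the link as a deployer nexus.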