Known-threat-actor cluster has touched protocol

Lido's assessment for RD-F-158 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed DPRK/Lazarus cluster touch of Lido core contracts from public OSINT. Kelp DAO exploit (April 2026, UNC4736/Lazarus) had downstream Lido EarnETH vault effect but attacker wallets did not interact with Lido core contracts. Requires Chainalysis/TRM licensed feed for definitive check.

Sources #

URL
retrieved 2026-04-28
URL
lazarus-kelp-hack-north-korea-crypto-heistshttps://yellow.com/research/lazarus-kelp-hack-north-korea-crypto-heistsretrieved 2026-04-28

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-158 score not_assessed collected_at 2026-04-28 13:58:42