Known-threat-actor cluster has touched protocol
Liquid Collective (LsETH)'s assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
T-09 phase-2 signal; tier-C advisory. No known-threat-actor wallet interaction with River contract (0x8c1BEd5b9a0928467c9B1341Da1D7BD5e10b6549) or other core Liquid Collective contracts identified in public sources. Web search across DPRK, Lazarus, Liquid Collective, LsETH, Alluvial returns no positive results. January 2024 incident was an internal software bug (exit daemon caching + exit-condition bugs), not an attacker-wallet-driven compromise. The Allowlist contract creates an institutional KYC/AML access barrier reducing the likelihood of known-threat-actor wallet direct interaction with the protocol. Public-proxy observation finds no confirmed interaction; definitive assessment requires Chainalysis/TRM private cluster feed for all 10 signer wallets.
Sources #
- InternalLiquid Collective data cache - rekt and hacks00-data-cache.json sources.rekt.incidents = [] and sources.defillama.hacks = []; no exploit history confirming no known-threat-actor prior strikeretrieved 2026-05-17
- Incident Update Jan 30 - Liquid Collective DiligenceJanuary 2024 incident post-mortem: protocol paused due to exit daemon software bugs; root cause was caching bug + exit condition bug; no security vulnerability, slashing risk, or user ETH at risk of loss; no attacker walletretrieved 2026-05-17
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →