★ Deployer linked within 3 hops to DPRK/Lazarus

Marinade Finance's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence of DPRK/Lazarus cluster proximity for any Marinade privileged address. OSINT search for Marinade Finance + DPRK/Lazarus/North Korea returned null. The Drift Protocol Apr-2026 UNC4736/Lazarus attack: the attacker deposited $1M+ into Drift Ecosystem Vault to build credibility -- Marinade's staking was one of the broader Solana staking venues available, but the attack vector was Drift's Security Council governance, not Marinade personnel. Per U4 instruction: attacker using Marinade staking as a deposit venue is NOT team contamination. Marinade team addresses show no OFAC SDN presence. No Chainalysis-published Lazarus cluster proximity found via public search.

Sources #

URL
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation | The Hacker NewsThe Hacker News analysis of Drift UNC4736 attack confirming attack was on Drift Security Council, not Marinade teamretrieved 2026-05-16
URL
Security | Marinade DocumentationMarinade security documentation showing no DPRK-related incidents or advisoriesretrieved 2026-05-16
URL
OFAC SDN List | U.S. Department of the TreasuryOFAC SDN list search -- null result for Marinade-associated addressesretrieved 2026-05-16

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol marinade factor RD-F-125 score green collected_at 2026-05-16 08:48:35