★ Deployer linked within 3 hops to DPRK/Lazarus

mETH Protocol's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No team-side DPRK or Lazarus cluster linkage found within 3 hops. The February 2025 Bybit hack involved DPRK-attributed actors (UNC4736/TraderTraitor) who stole approximately 8,000 mETH and 15,000 cmETH from Bybit's Safe wallet; Mantle acted as a third-party responder (blacklisted attacker wallet addresses, recovered $42M, froze cmETH). Per U4 rule: DPRK using mETH/cmETH as a passive drain venue does NOT contaminate team identity. No OFAC SDN listing found for Mantle, BitDAO, or any mETH-associated entity. Web OSINT search for Mantle BitDAO DPRK Lazarus developer insider returned no adverse team-side results. F125 green; Bybit hack context routed to Cat 11 (realtime-intel-analyst, F158).

Sources #

URL
Chainalysis — Bybit hack DPRK attribution (external analysis; Mantle not flagged as insider)https://www.chainalysis.com/blog/bybit-exchange-hack-february-2025-crypto-security-dprk/retrieved 2026-05-16
URL
Mantle Blog — Bybit hack response (Mantle as third-party responder; recovered $42M; no insider implication)https://group.mantle.xyz/blog/reviews/real-time-blockchain-agility-insights-from-industry-toughest-testretrieved 2026-05-16
URL
IC3/FBI — DPRK responsible for Bybit hack (external attribution; no Mantle team involvement)https://www.ic3.gov/psa/2025/psa250226retrieved 2026-05-16

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-125 score green collected_at 2026-05-16 02:17:50