Known-threat-actor cluster has touched protocol

mETH Protocol's assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-threat-actor wallet cluster has touched protocol. T-09 v1, Phase 2, Tier C. No public attribution of Lazarus Group, DPRK, or other curated threat-actor cluster interacting with mETH core contracts within trailing 30 days. OSINT search for Lazarus/DPRK/Mantle/mETH 2024-2025 returned no positive results. Authoritative assessment requires licensed TI feed (Chainalysis, TRM Labs, Arkham). Per invocation guidance: attacker using mETH as a passive launder venue (e.g., swapping through mETH liquidity) would be Cat 11 F158 yellow and does NOT contaminate dev-identity F124/F125.

Sources #

URL
OSINT search — Lazarus/DPRK/mETH interactionOSINT web search: Lazarus DPRK Mantle mETH protocol attack reconnaissance 2024 2025 — no positive results foundretrieved 2026-05-16

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meth-protocol factor RD-F-158 score gray collected_at 2026-05-16 02:17:50