defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Midas's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Known-threat-actor cluster has touched protocol. T-09 phase-2 / Tier C. No CTI feed configured; no direct attribution of Lazarus/DPRK wallets interacting with Midas contracts.

Rationale for yellow: the KelpDAO rsETH exploit (2026-04-18) was attributed to North Korea's Lazarus Group (Chainalysis) and exploited LayerZero infrastructure — the same cross-chain bridge class that Midas actively uses for mToken transfers. Midas paused its LayerZero OFT service on 2026-04-19 in direct response, confirming shared infrastructure dependency. Per assessment instruction: DPRK venue-use (same infrastructure class) routes to F158 yellow, not team contamination. The signal would have been advisory-yellow during 2026-04-18/19 for sector-level Lazarus activity on shared infrastructure.

As of 2026-05-16 (27 days post-incident), no active Lazarus wallet interaction with Midas contracts is confirmed. Assessment: yellow for sector-level DPRK proximity through shared LayerZero infrastructure; no direct Midas

Sources

Methodology

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.


rubric_version: v1.7.0
protocol: midas
factor: RD-F-158
score: yellow
collected_at: 2026-05-16 09:34:55