Known-threat-actor cluster has touched protocol

QuickSwap's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No Lazarus/DPRK-labeled wallet interaction with QuickSwap core DEX contracts (Factory 0x5757..., Router 0xa5E0..., Algebra core 0x411b0fAcC3...) found in OSINT pass (May 2026). Bybit Feb 2025 Lazarus laundering ($1.5B) specifically named OKX DEX aggregator; QuickSwap not named. Oct 2022 lending exploit attacker moved proceeds via Tornado Cash — but (a) this was post-exploit laundering, not pre-strike recon, (b) the lending product is permanently closed, and (c) the attacker is not a known DPRK cluster per public attribution. Advisory-only tier (T-09 tier-C) regardless; signal never flips grade solo.

Sources #

URL
OKX suspends DEX aggregator after Lazarus hackers — BleepingComputerBybit $1.5B Lazarus laundering Feb 2025: OKX DEX aggregator suspended; QuickSwap not named in public reportingretrieved 2026-05-16
URL
QuickSwap lending exploit — The BlockQuickSwap October 2022 lending exploit: Tornado Cash used for proceeds, but lending product closed; DEX contracts unaffected; no DPRK attribution for this attackretrieved 2026-05-16

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-158 score green collected_at 2026-05-16 08:48:31