★ Deployer linked within 3 hops to DPRK/Lazarus

Sanctum's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No DPRK or Lazarus cluster proximity identified. Web search 'Sanctum Solana DPRK Lazarus North Korea' returned zero Sanctum-specific hits. FP Lee has multi-year on-camera identity with Solana Foundation roots. Jesse Cho has documented prior employment (Bluebox, CapedBoys). billythedummy has 11-year GitHub with US university affiliation (inconsistent with DPRK fresh-identity implant). External multisig signers Stepan Simkin (Squads co-founder) and Robert (Neodyme) are well-documented Solana ecosystem figures. Drift Protocol April 2026 DPRK exploit (UNC4736) confirmed as separate protocol; no Sanctum connection. No OFAC SDN hit for any named individual. No DPRK escalation.

Sources #

URL
FP Lee background: Solana Foundation stake-pool contributor; no DPRK associationAppWorks — FP Lee multi-year professional identityretrieved 2026-05-04
URL
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationThe Hacker News — Drift Protocol DPRK exploit (separate from Sanctum)retrieved 2026-05-04

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-125 score green collected_at 2026-05-04 18:49:23