Known-threat-actor cluster has touched protocol
Stake DAO's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
T-09 phase-2 signal (tier-C, advisory only). Zunami Protocol exploit (Aug 13, 2023): the attacker EOA manipulated SDT pool slippage on Sushiswap to inflate UZD balance, then laundered ~1183 ETH through Tornado Cash. Stake DAO's SDT pool was used as an attack venue (adversarial-venue-use / U4 passive-venue rule); Stake DAO was NOT the victim protocol and its contracts were not exploited. Per U4 process learning, this is yellow (historical adversarial-venue-use documented in threat history), not red. No Lazarus Group, DPRK, or OFAC-listed wallet was attributed as directly touching Stake DAO contracts in the 2024-2026 OSINT sweep. No active threat-actor wallet touching Stake DAO contracts in the last 30 days was detected in public data.
Sources
- URL: Explained: The Zunami Protocol Hack (August 2023) | Halborn. Zunami exploit Aug 2023: SDT pool slippage used as manipulation vector; attacker laundered funds via Tornado Cash post-exploit. Retrieved 2026-05-16.
- 00-data-cache.json stake-dao hacks field. 00-data-cache.json hacks:[], meaning no Stake DAO-native hacks in DefiLlama database; confirmed false-positive for 'stake-rekt' Rekt entry (Stake.com casino). Retrieved 2026-05-16.
Methodology
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.