Known-threat-actor cluster has touched protocol
SUNSwap (sun.io)'s assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
T-09 v1 signal (Cat 11). No confirmed Lazarus/DPRK-labeled TRON address interaction with SunSwap contracts. Justin Sun personal EVM wallet received 0.1 ETH unsolicited from Tornado Cash (Aug 2022 dust attack targeting 600+ wallets including Brian Armstrong and Jimmy Fallon — coordinated, involuntary). Aave temporarily blocked then reinstated Sun's account within 24h. ZERO voluntary mixer interaction confirmed. SEC civil action (Mar 2023 - settled March 2026) had ZERO OFAC/DPRK nexus; dismissed with prejudice. TRON network broadly is high-volume laundering venue (Chainalysis annual reports) but per U4/U22 adversary using DEX pools ≠ team contamination. Requires Chainalysis partner feed for definitive TRON-contract-level cluster assessment.
Sources #
- URLCoinDesk - SEC Justin Sun Tron SettlementSEC settlement with Justin Sun March 2026 - dismissed with prejudiceretrieved 2026-05-17
- Aave bans Justin Sun for receiving funds from Tornado CashJustin Sun Tornado Cash dust attack - Aave ban and reinstatement Aug 2022retrieved 2026-05-17
- Justin Sun Wallet Because of Tornado Cash Transaction - Watcher.guruJustin Sun wallet Tornado Cash dust attack contextretrieved 2026-05-17
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →