Known-threat-actor cluster has touched protocol
Superstate's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No confirmed Lazarus/DPRK or other threat-actor cluster touch found in public data. Web search 'Lazarus DPRK Superstate USTB Robert Leshner 2024 2025' returned zero relevant results. AllowList KYC gate provides structural barrier against unauthorized wallet interaction. However: Superstate USTB ($1.1B AUM) is a high-value passive store of value — an attacker who has already monetized an exploit elsewhere could hold USTB as an off-chain-backed stable asset. This is the standard §15 U4 passive-venue risk class for regulated RWA funds (same as circle-usyc assessment). Passive-venue use ≠ team contamination. Scored yellow per §15 U4 guidance: active threat unconfirmed; class risk acknowledged.
Sources #
- URLCoinDesk USTB launch coverage — no threat-actor connectionWeb search 'Lazarus DPRK Superstate USTB Robert Leshner 2024 2025' — zero DPRK/Lazarus connection foundretrieved 2026-05-16
- Superstate profile §10 — no incidents00-profile.md §10: zero incidents; hacksdatabase grep returned zero matches for superstate/USTB/uscc; no threat-actor involvement documentedretrieved 2026-05-16
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →