Mixer withdrawal → protocol interaction

Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-090 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal. Applicable — Sushi v2/v3 pools accept permissionless interactions from any wallet including mixer-funded wallets. Attribution feed (Chainalysis/TRM) required; not available in static assessment. Lazarus-affiliated launder routing through Sushi pools documented Feb 2025 (Allium.so) but that is the F158 finding; F090 requires ≥2 independent attribution sources confirming a specific wallet withdrew from Tornado/Railgun within 30 days and then interacted with Sushi core contracts. Production monitoring not wired.

Sources #

URL
Bybit Hack: How the Lazarus Group Exploited DeFi Protocols to Launder $400M — Allium.soT-09 real-time signals doc — phase-2 signal requiring Chainalysis/TRM attribution feedretrieved 2026-05-17

Methodology #

Detect whether a wallet that recently withdrew from Tornado Cash, Railgun, or similar mixer has interacted with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sushi factor RD-F-090 score gray collected_at 2026-05-16 19:50:37