★ Deployer linked within 3 hops to DPRK/Lazarus
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-125 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Protocol deployer addresses (0xf942dba v2 and 0xf87bc553 v3) show no OFAC-SDN designation and no confirmed on-chain path to DPRK-labeled cluster at OSINT tier. No Chainalysis or formal OFAC designation found for sushi deployer wallets. HOWEVER — elevated concern: CoinDesk October 2024 investigation ('How North Korea Infiltrated the Crypto Industry') confirms Sushi by name as a protocol that 'unknowingly hired IT workers from the DPRK.' MISO freelance contractors ('Anthony Keller'/'Sava Grujic'/AristoK3) had blockchain payment records with funds routed to DPRK-linked wallets in 2021–2022. These contractors were Sushi DAO-engaged freelancers, NOT the protocol deployer. F125 factor definition targets the deployer address within 3 hops — the contractor payment flow is a separate on-chain path from contractor addresses to DPRK wallets, not a deployer address path. Score: yellow (elevated concern documented by CoinDesk with Sushi named explicitly, but does not satisfy deployer-address-level
Sources #
- EtherscanSushiSwap: Deployer — Etherscan (no DPRK/OFAC label)Etherscan 0xf942dba — no OFAC or DPRK label, funded by Binanceretrieved 2026-05-17
- OFAC SDN List SearchOFAC SDN list search — no Sushi deployer or leadership designation foundretrieved 2026-05-17
- How North Korea Infiltrated the Crypto IndustryCoinDesk Oct 2024 — Sushi explicitly named as DPRK IT worker-infiltrated protocolretrieved 2026-05-17
- JayPegs Automart Hack Database Entryhacksdatabase/hacks/jaypegs-automart.md — contractor wallet DPRK link detailsretrieved 2026-05-17
Methodology #
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
See the full factor methodology and distribution across all protocols →