Known-threat-actor cluster has touched protocol

Symbiotic's assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-threat-actor wallet interaction with Symbiotic core contracts cannot be confirmed or ruled out via public-proxy assessment alone. KelpDAO rsETH exploit (Apr 2026, ~$293M) attributed to TraderTraitor/DPRK Lazarus Group involved the restaking sector broadly but targeted KelpDAO's LayerZero OFT adapter bridge, not Symbiotic core contracts. DPRK adversarial-venue-use of Symbiotic vaults (routing stolen funds post-exploit) is plausible per U4 context (attacker routing funds through a Symbiotic vault = passive-venue yellow, not team complicity red). Definitive assessment requires live Chainalysis/TRM cluster feed against on-chain Symbiotic contract interaction logs. No confirmed active DPRK wallet interaction with Symbiotic core contracts found in public sources.

Sources #

URL
Crypto.news — Kelp attack spreads risk across DeFi $293M lostKelpDAO rsETH exploit attributed to TraderTraitor/Lazarus — restaking sector DPRK contextretrieved 2026-05-16
URL
Chainalysis — Tornado Cash sanctionsChainalysis — Tornado Cash sanctions context and DPRK cluster methodologyretrieved 2026-05-16

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol symbiotic factor RD-F-158 score gray collected_at 2026-05-16 09:25:24