Known-threat-actor cluster has touched protocol

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public reports of threat-actor-labeled wallet (Lazarus/DPRK cluster or other curated threat-actor list member) interactions with Usual core contracts in trailing 30 days. Rekt.news database and DefiLlama hacks contain no Usual entries. Web search for Usual + Lazarus/DPRK returns no results. January 2025 depeg was an economic/governance failure with no attacker wallet involved. Per U4 instruction: any attacker routing through USD0/Curve pools = yellow Cat 11 classification, NOT team contamination per F124/F125. No such routing identified.

Sources #

URL
Rekt.news — DeFi exploit databaseRekt.news — Usual not listed in exploit databaseretrieved 2026-05-17
URL
The Block — Usual Money protocol updateThe Block depeg report (2025-01-09) — confirms economic/governance failure, no attacker wallet involvementretrieved 2026-05-17

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-158 score green collected_at 2026-05-16 20:39:44