★ Deployer linked within 3 hops to DPRK/Lazarus
Cap (cUSD / stcUSD)'s assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Comprehensive OSINT search for DPRK/Lazarus proximity: (1) 'Cap Labs DPRK,' (2) 'Cap money Lazarus,' (3) 'cUSD North Korea,' (4) 'Cap labs Tornado mixer deployer OFAC' — all return zero Cap-specific results. OFAC SDN search: no Cap-associated address matched. Public blockchain intelligence (Chainalysis blog, TRM Labs, OFAC announcements 2025–2026) covers major DPRK-linked exploits (Bybit Feb 2025 $1.5B, Kelp DAO Apr 2026 $292M) with no Cap Labs mention. 1-hop funder of deployer (0x100E9db9...) carries no DPRK-cluster label. U4 rule confirmed not applicable: no attacker-used-Cap-as-drain-venue event reported. No escalation required.
Sources
- URL: OFAC SDN — no Cap Labs address match. Web search — Cap Labs DPRK Lazarus North Korea 2025 2026 — no Cap-specific results (retrieved 2026-05-17)
- Etherscan — Cap Deployer 1, funding chain. Etherscan — deployer 1-hop funder 0x100E9db9... carries no DPRK/Lazarus label (retrieved 2026-05-17)
Methodology
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.