Known-threat-actor cluster has touched protocol
Circle USYC's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
T-09 phase-2 deferred; tier-C advisory. No confirmed threat-actor cluster interaction with USYC core contracts observed via public OSINT (Etherscan/BNBScan transaction history). Deployer and known admin EOAs show no attacker-cluster contacts in public data. Passive venue flag (section 15 U4): USYC is held as collateral in Venus Protocol BSC ($2.86B concentration). A DPRK or organized exploit of Venus Protocol BSC would result in USYC flowing to attacker-controlled addresses - this is passive venue exposure, not team contamination, and is scored yellow in Cat 11 per methodology. Venus BSC experienced a $27M exploit in September 2025 that did not directly drain USYC per available post-incident reporting. Licensed TI feed (Chainalysis/TRM private cluster) required for definitive assessment.
Sources #
- URLVenus Protocol - BSC DeFi (September 2025 exploit reference)Venus Protocol BSC $27M exploit September 2025 - passive venue context; USYC not directly drainedretrieved 2026-05-16
- circle-usyc profile - TVL concentration Venus Protocol BSC00-profile.md section 4 - BSC TVL $2.86B concentrated in Venus Protocol; anomaly flag documentedretrieved 2026-05-16
- USYC ERC-20 Token Transactions - EtherscanUSYC Ethereum token recent tx history - no threat-actor cluster addresses in counterpartiesretrieved 2026-05-16
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →