Known-threat-actor cluster has touched protocol

Concrete's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-threat-actor wallet cluster touch: T-09 phase-2 advisory signal. No evidence of known threat-actor wallets (Lazarus/DPRK cluster, past exploiter wallets, OFAC-sanctioned addresses) interacting with Concrete contracts. OSINT search for 'Blueprint Finance Lazarus DPRK North Korea' returned no relevant results. No prior exploits (rekt.incidents=[]). Protocol has Hypernative live monitoring deployed (listed security partner). Requires Chainalysis/TRM partner feed for full 3-hop on-chain verification; public proxy observation is clean. Score green reflects no positive evidence from available public sources.

Sources #

Internal
Concrete data cache — no rekt incidentsdata cache §sources.rekt.incidents=[] — zero recorded exploitsretrieved 2026-05-17
URL
Concrete homepage — no threat-actor association found in public OSINTWeb search: 'Blueprint Finance Concrete Lazarus DPRK North Korea Tornado Cash 2025' — no results linking Concrete to DPRK/Lazarusretrieved 2026-05-17
URL
Hypernative + zeroShadow partnership — Concrete uses these servicesHypernative listed as security partner on concrete.xyz — active on-chain anomaly monitoring deployedretrieved 2026-05-17

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol concrete factor RD-F-158 score green collected_at 2026-05-17 14:36:59