★ Deployer linked within 3 hops to DPRK/Lazarus

crvUSD (Curve Stablecoin)'s assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed OFAC SDN linkage or Chainalysis/Elliptic Lazarus cluster proximity found for Curve Deployer 2 or Michael Egorov. Multiple targeted searches ('Michael Egorov DPRK OR Lazarus OR North Korea OR OFAC') returned zero relevant results. The Drift Protocol DPRK hack (UNC4736, April 2026) involved attacker routing funds through Curve pools as a drain venue — this is categorically NOT team DPRK linkage (process-learnings: 'attacker routing through Curve pool ≠ team contamination'). F125 ★ is green; no rubric-level discretionary F downgrade triggered.

Sources #

URL
Drift Protocol exploited for $286 million in suspected DPRK-linked attack | EllipticElliptic report on Drift Protocol exploit — Curve used as drain venue, not team linkageretrieved 2026-05-16
Etherscan
Curve: Deployer 2 | EtherscanEtherscan Curve Deployer 2 — no OFAC or cluster labelsretrieved 2026-05-16
URL
OFAC Sanctions Tracker: How Sanctions Impact Crypto Crime - ChainalysisOFAC Sanctions Tracker — Chainalysis covering DPRK-linked entities (no Curve team entries)retrieved 2026-05-16

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol crvusd factor RD-F-125 score green collected_at 2026-05-16 19:09:40