defirisk.co
rubric v1.7.0

Mixer withdrawal → protocol interaction

Curve Finance's assessment for RD-F-090 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Tier-C advisory signal, T-09 v1 phase-2 scope. Curve pools structurally receive funds from diverse sources including mixer-adjacent wallets as a baseline — Curve is a primary stablecoin liquidity venue. The August 2022 DNS attacker subsequently used Tornado Cash for fund laundering (attacker action, not protocol-team action). No specific new mixer-funded threat-actor interaction identified at 2026-04-28. Requires licensed Chainalysis/TRM clustering feed for full assessment. Signal is applicable architecturally but not assessable at static dry-run without partner feed.

Sources #

  • URL
    August 10, 2022 — Curve Frontend HackedCurve August 2022 DNS hijack post-mortem — attacker used Tornado Cash post-theft (attacker action, not protocol action)retrieved 2026-04-28
  • Internal
    T-09 Real-Time Signals — v1 ScopeT-09 real-time signals spec §3.2 — RD-F-090 v1 phase-2, tier-C advisory only; requires wallet-clustering feedretrieved 2026-04-28

Methodology #

Detect whether a wallet that recently withdrew from Tornado Cash, Railgun, or similar mixer has interacted with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol curve-v2 factor RD-F-090 score not_assessed collected_at 2026-04-28 19:48:40