Known-threat-actor cluster has touched protocol
EigenLayer's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Known-threat-actor (Lazarus/TraderTraitor) recently targeted the restaking ecosystem directly. The Kelp DAO rsETH exploit (April 19, 2026, ~$292M, Lazarus attribution by LayerZero Labs) involved rsETH assets that were backed by EigenLayer StrategyManager positions. The attack vector was LayerZero bridge to rsETH contract, not EigenLayer core contracts directly. No confirmed direct Lazarus cluster wallet interaction with EigenLayer core contracts via public on-chain data. However, DPRK targeting of EigenLayer-adjacent ecosystem constitutes elevated threat proximity. Requires curated TI feed (Chainalysis/TRM) for definitive 30-day window check. Score yellow: proximity to confirmed DPRK attack on restaking ecosystem + insufficient public data to confirm or deny direct EigenLayer contract touch.
Sources #
- URLLayerZero blames Kelp's setup for $292M exploit — Coindesk April 2026LayerZero attribution: a highly sophisticated state actor, likely DPRK's Lazarus Group, more specifically TraderTraitor targeted KelpDAO rsETH (backed by EigenLayer StrategyManager positions) for $292Mretrieved 2026-04-28
- 290 Million Kelp DAO Crypto Heist Blamed on North Korea — SecurityWeekSecurityWeek: DPRK/Lazarus $290M Kelp DAO heist — pre-funding via Tornado Cash ~10h before attack; pattern matches prior DPRK exploitsretrieved 2026-04-28
- North Korean hackers tied to $290M crypto heist — UPIUPI: North Korean hackers tied to $290M crypto heist via KelpDAO/LayerZero, April 2026retrieved 2026-04-28
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →