Known-threat-actor cluster has touched protocol

Ethena's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed direct on-chain interaction by Lazarus-attributed wallets with Ethena core contracts (EthenaMinting, USDe, sUSDe, Dev Multisig) as of 2026-04-28. Ecosystem adjacency is elevated: (1) Lazarus/TraderTraitor attributed to KelpDAO/LayerZero exploit Apr 2026 — Ethena shares LayerZero OFT infrastructure and suspended its own bridge as precaution; (2) Bybit Feb 2025 DPRK hack — Bybit holds Ethena short perp positions, potential wash venue proximity; (3) No specific Ethena-core-contract Lazarus wallet interaction in public Chainalysis reports. Yellow reflects elevated ecosystem proximity without confirmed direct touch. Definitive assessment requires Chainalysis/TRM private cluster feed.

Sources #

URL
https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarusretrieved 2026-05-06
URL
Inside the KelpDAO Bridge Exploit | ChainalysisChainalysis: Inside the KelpDAO Bridge Exploit — Lazarus/TraderTraitor attributionretrieved 2026-04-28

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-158 score yellow collected_at 2026-04-28 13:58:51