★ Deployer linked within 3 hops to DPRK/Lazarus
ether.fi's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
No DPRK / Lazarus cluster proximity found at any hop level. Deployer 0xf8a86ea1ac39ec529814c377bd484387d395421e funded by institutional Safe (1-hop: protocol-owned multisig). OFAC SDN list: no match for deployer or any protocol-associated address. Chainalysis public label on deployer: 'ether.fi: Deployer' (institutional). Web search 'ether.fi DPRK Lazarus North Korea developer' returned zero protocol-specific results. April 2026 reporting on Lazarus/Kelp DAO ($292M exploit) explicitly did not implicate ether.fi. Founders (Silagadze, Kopp) have multi-year Canadian/North American tech track records inconsistent with DPRK patterns. No nation-state proximity evidence at any available evidence tier. RD-F-125 critical factor: CLEAN. No rubric F-trigger applies.
Sources #
- URLNorth Korean hackers tied to $290M crypto heist — Kelp DAO (not ether.fi)Kelp DAO DPRK exploit report — ether.fi not implicatedretrieved 2026-04-28
- ether.fi: Deployer | EtherscanDeployer funding source — Safe multisig, no DPRK-labeled address in pathretrieved 2026-04-28
- Meet Mike Silagadze, Founder and CEO of EtherFi — Cayman Enterprise CityMike Silagadze background — Canadian entrepreneur, Top Hat pedigreeretrieved 2026-04-28
Methodology #
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
See the full factor methodology and distribution across all protocols →