★ Deployer linked within 3 hops to DPRK/Lazarus

Hyperliquid's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

DPRK-associated addresses traded on Hyperliquid as EXTERNAL USERS in December 2024 (~$70M+ activity, ~$700K losses per security research). No 3-hop on-chain path from deployer (0x1D4c01E15A637cB3cbaF86fFbb02E5A260D01fbc) or Hyper Foundation multisig to any DPRK/Lazarus-labeled cluster identified by any researcher. Taylor Monahan's Dec 2024 security warning concerned Hyperliquid's centralized validator architecture as a social-engineering vulnerability — explicitly NOT a chain-proximity claim against team wallets. Hyperliquid responded by adding blockchain analytics screening. No OFAC SDN proximity or Chainalysis DPRK-cluster proximity for team-controlled addresses has been published. Rubric F-override NOT triggered.

Sources #

URL
https://www.coindesk.com/markets/2024/12/23/hyper-liquid-sees-record-60-m-in-usdc-flee-as-north-korea-said-to-be-probing-perpetuals-exchangeretrieved 2026-04-28
URL
https://beincrypto.com/hyperliquid-lazarus-group-hack-may-be-imminent/retrieved 2026-04-28
URL
https://cryptobriefing.com/north-korean-wallet-activity-hyperliquid/retrieved 2026-04-28

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-125 score green collected_at 2026-04-28 13:58:49