★ Deployer linked within 3 hops to DPRK/Lazarus

Jupiter Perpetual Exchange's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

[★ CRITICAL] No DPRK/Lazarus cluster proximity found for Jupiter Perps program deployer or team members. The Drift 2026-04-01 exploit (DPRK-attributed UNC4736/Lazarus, ~$155.6M JLP drained from Drift vaults) involved: (a) JLP as victim collateral in Drift's own vaults — Jupiter Perps was the passive counterparty, not compromised; (b) the attacker used Jupiter's aggregator swap interface post-exploit to convert stolen assets to USDC — a passive-venue use. Per U4 rule: this event is classified as F158 yellow (Cat 11 passive venue) and explicitly keeps F125 green. No OFAC SDN match for any Jupiter team member. TRM Labs and Elliptic post-mortems confirm Jupiter team was not implicated. No rubric-level DPRK escalation triggered.

Sources #

URL
North Korean Hackers Attack Drift Protocol in $285M Heist | TRM LabsTRM Labs — North Korean Hackers Attack Drift Protocol: Jupiter used as swap tool post-exploit, not insider linkageretrieved 2026-05-16
URL
Drift Protocol Exploited for $286M in Suspected DPRK-Linked Attack | EllipticElliptic — Drift Protocol exploited for $286M in suspected DPRK-linked attack: Jupiter as passive swap venueretrieved 2026-05-16

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter-perps factor RD-F-125 score green collected_at 2026-05-16 01:53:11