★ Deployer linked within 3 hops to DPRK/Lazarus

Jupiter's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No evidence linking Jupiter founding team, deployer wallets, or program upgrade authority to a DPRK/Lazarus cluster. The Drift Protocol hack (2026-04-01) involved DPRK operatives (UNC4736) stealing JLP tokens from Drift's vaults — this is attacker-used-Jupiter-as-drain-venue, NOT Jupiter team DPRK linkage. OFAC SDN list does not include Meow, Siong Ong, or known Jupiter team members. Multi-source CTI search returned no Jupiter→DPRK proximity finding. The Upbit JUP token theft was also attacker using JUP as stolen asset, not a team linkage.

Sources #

URL
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationThe Hack News — Drift hack attributed to DPRK (Drift, not Jupiter)retrieved 2026-04-29
URL
hacksdatabase/hacks/drift-protocol-rekt.md — context clarificationDrift hack database — JLP as victim asset (not Jupiter team proximity)retrieved 2026-04-29
URL
Analysts implicate North Korea's Lazarus hacker group in Drift Protocol exploit — MEXC NewsWebSearch: Jupiter Solana DPRK OR Lazarus — no team linkage foundretrieved 2026-04-29

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter factor RD-F-125 score green collected_at 2026-04-29 11:51:25