Known-threat-actor cluster has touched protocol

Jupiter's assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known threat-actor wallet signal applicable — DPRK/Lazarus active on Solana (Drift Protocol Apr 2026 DPRK exploit; Bybit 2025 Solana laundering). No public attribution of DPRK/Lazarus wallets interacting with Jupiter core contracts within last 30 days. Chainalysis/TRM Solana private cluster data not accessible. Public OSINT search returned no Jupiter-DPRK intersection. Requires partner TI feed for definitive assessment.

Sources #

Internal
T-09 Real-Time Signals v1 Scope — RD-F-158T-09 §4.10 — requires curated TI feed; advisory only; no public DPRK-Jupiter interaction foundretrieved 2026-04-29
URL
DPRK $2.02B Crypto Theft 2025 — The Hacker NewsThe Hacker News Dec 2025: DPRK-linked hackers steal $2.02B in 2025; active on Solanaretrieved 2026-04-29

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol jupiter factor RD-F-158 score gray collected_at 2026-04-29 11:51:25