defirisk.co
rubric v1.7.0

Contributor paid to DPRK-cluster wallet

Lido's assessment for RD-F-122 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cannot be meaningfully assessed at OSINT tier. Lido Labs has off-chain payroll; on-chain payment streams beyond Safe multisig disbursements are not publicly traceable. Individual signer wallets for committee Safes (BORG 9 signers, etc.) are in data-cache.json but hop-trace to DPRK clusters requires Chainalysis/Arkham access. The Numic incident (malware on developer machine, May 2024) is a node operator event with no DPRK attribution per official disclosure — not an insider payment routing signal. Per process-learnings: mark gray.

Sources #

  • URL
    7536https://research.lido.fi/t/lido-on-ethereum-node-operator-numic-security-incident-disclosure-may-21-2024/7536retrieved 2026-04-28

Methodology #

Determine whether protocol payments to any contributor wallet have an on-chain path ≤3 hops to a known DPRK-labeled cluster.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-122 score gray collected_at 2026-04-28 13:58:42