defirisk.co
rubric v1.7.0

Deployer linked within 3 hops to DPRK/Lazarus

Lido's assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No OSINT evidence linking Deployer 1 or Deployer 2 to DPRK/Lazarus cluster. Deployer 1's 1-hop neighbor is Binance 2 (OFAC-compliant major CEX). OFAC SDN list: no Lido team member or deployer address match. Web search 'Lido Finance DPRK Lazarus North Korea' returns zero Lido-specific results. Numic incident (May 2024) was third-party node operator malware — no DPRK attribution per official disclosure. Confidence: medium (OSINT-tier only; no Chainalysis hop-trace).

Sources #

  • URL
    0x55bc991b2edf3ddb4c520b222be4f378418ff0fahttps://etherscan.io/address/0x55bc991b2edf3ddb4c520b222be4f378418ff0faretrieved 2026-04-28
  • URL
    7536https://research.lido.fi/t/lido-on-ethereum-node-operator-numic-security-incident-disclosure-may-21-2024/7536retrieved 2026-04-28

Methodology #

Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol lido factor RD-F-125 score green collected_at 2026-04-28 13:58:42