★ Deployer linked within 3 hops to DPRK/Lazarus
Liquity V1 + V2 (LUSD / BOLD)'s assessment for RD-F-125 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
V2 deployer funded from Binance 15 (major KYC-gated CEX). V1 deployer funded from internal Liquity Bounties safe. Both deployer transaction graphs show interactions exclusively with Liquity core protocol contracts and major DeFi infrastructure (Create2Factory). No OFAC SDN list entries exist for any Liquity address. Comprehensive OSINT search for Liquity Robert Lauko Rick Pardoe DPRK Lazarus North Korea returned zero relevant results — only general Lazarus Group Wikipedia/FBI/DOJ reference material returned, no Liquity connection. No published Chainalysis, Nansen, or Arkham threat intelligence report links any Liquity-affiliated address to the DPRK/Lazarus cluster. U4 rule applied: if Lazarus Group uses LUSD or BOLD as a settlement token post-exploit on another protocol, that finding routes to Cat 11 of the affected protocol, NOT to Liquity Cat 7. Full Chainalysis-grade paid graph traversal not available; high confidence from available evidence (CEX funding, clean tx graph, zero advers
Sources #
- URLFBI Confirms Lazarus Group Responsible for Harmony Bridge Theft - no Liquity connectionFBI confirmation of Lazarus Group operations - no Liquity mention in any published DPRK cyber operation reportretrieved 2026-05-16
- Liquity V2: Deployer 2 | EtherscanEtherscan v2 deployer address page confirming Binance 15 funding label and no sanctioned address interactionsretrieved 2026-05-16
- Liquity 2026 Company Profile - Tracxn (confirming Swiss entity, no adverse notes)OSINT search result confirming zero Lazarus/DPRK/North Korea connection to Liquity, Robert Lauko, or Rick Pardoeretrieved 2026-05-16
Methodology #
Determine whether the deployer address has an on-chain path of ≤3 hops to a Chainalysis/OFAC DPRK-labeled cluster address.
See the full factor methodology and distribution across all protocols →