Known-threat-actor cluster has touched protocol
OpenEden's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Known-threat-actor wallet cluster touch (T-09 phase 2, tier-C advisory). Applicable for EVM portion; XRPL not EVM-monitorable. No DPRK/Lazarus/OFAC cluster proximity found through any public source: OFAC SDN list search, Chainalysis public reports, Elliptic public blogs, TRM Labs public resources, Hacken research articles — all yielded zero results linking OpenEden wallet addresses to known threat-actor clusters as of 2026-05-16. Operator EOA funding chain (0xdBC3C410 funded by 0x572ed8c1Aa, funded by 0xF4928C95) shows no mixer or threat-actor labels at visible hops. Public-proxy observation is clean. Definitive 3-hop proximity requires paid TI feed (Chainalysis/TRM private cluster query) — noted as residual uncertainty.
Sources #
- EtherscanOperator EOA — EtherscanOperator EOA 0xdBC3C410A9EdE40B86482Ca0677EccdeaF5a3fDe: funded by 0x572ed8c1Aa (untagged developer wallet, 20 txs, created KycManager contract, no mixer label) — no threat-actor cluster label at visible hopsretrieved 2026-05-16
- OFAC Sanctions List SearchOFAC SDN search for Lazarus Group / DPRK: extensive 2024-2026 enforcement actions documented; no OpenEden addresses appear in any public OFAC SDN entry or Chainalysis/Elliptic/TRM public reportingretrieved 2026-05-16
Methodology #
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.
See the full factor methodology and distribution across all protocols →