Known-threat-actor cluster has touched protocol

Pendle Finance's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Known-threat-actor wallet cluster touching protocol (Cat 11). Threshold: wallet in curated threat-actor cluster interacts with Pendle core contracts within last 30 days AND cluster has >=1 confirmed exploit attribution. No public evidence of DPRK/Lazarus or other confirmed threat-actor cluster interacting with Pendle core contracts. Penpie attacker (Sept 2024) is not attributed to DPRK/Lazarus in any available analysis (Halborn, ThreeSigma, DailyCoin) — attack was opportunistic DeFi reentrancy, not nation-state. Penpie attacker wallets interacted with Penpie contracts, not Pendle core. Signal requires proprietary TI feed for full assurance — noted limitation.

Sources #

URL
Explained: The Penpie Hack | HalbornHalborn Penpie analysis — no DPRK/Lazarus attribution for Penpie attackerretrieved 2026-04-29
URL
Penpie Hack: Three SigmaThreeSigma Penpie analysis — root cause is reentrancy vulnerability, no threat-actor attributionretrieved 2026-04-29

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pendle factor RD-F-158 score green collected_at 2026-04-28 21:09:40