Mixer withdrawal → protocol interaction
Raydium's assessment for RD-F-090 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Cat 6A precursor signal. Historical confirmed: Dec 2022 attacker (Solana: AgJddDJLt17nHyXDCpyGELxwsZZQPqfUsuwzoiqVGJwD; ETH: 0x7047912c295cd54d6617b5d0d6d8b324a11c91db) deposited ~1,774.5 ETH (~$2.7M) into Tornado Cash on 2023-01-19 via 42 transactions — confirmed laundering path post-exploit. The attacker's Solana funding source (5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs) is confirmed as a FixedFloat Exchange hot wallet (non-mixer). The Drift April 2026 DPRK wallets (UNC4736) interacted with Raydium pools in March 2026 for CVT wash trading, but did not use Tornado Cash for their Raydium interactions. No current active mixer-sourced wallet interacting with Raydium core contracts identified within 30-day threshold window as of 2026-04-29. Historical laundering event (Jan 2023) is outside the 30-day look-back threshold — current posture is green. T-09 v1 Phase 2 signal (not yet wired for Raydium).
Sources #
- URLRaydium hacker funnels $2.7 million through Tornado Cash mixerThe Block — Raydium hacker funnels $2.7M through Tornado Cashretrieved 2026-04-29
- Raydium Detailed Post-Mortem and Next StepsAttacker Solana wallet: AgJddDJLt17nHyXDCpyGELxwsZZQPqfUsuwzoiqVGJwD; funder 5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs confirmed FixedFloat hot walletretrieved 2026-04-29
- Raydium Hack Deep Dive — HackMDAttacker ETH address: 0x7047912c295cd54d6617b5d0d6d8b324a11c91db; Tornado Cash deposit Jan 19, 2023retrieved 2026-04-29
Methodology #
Detect whether a wallet that recently withdrew from Tornado Cash, Railgun, or similar mixer has interacted with this protocol.
See the full factor methodology and distribution across all protocols →