defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Rocket Pool's assessment for RD-F-158 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No confirmed DPRK/Lazarus cluster interaction with Rocket Pool core contracts (RocketStorage 0x1d8f8f00..., rETH 0xae78736C...) identified in available public data. LST protocols are not primary Lazarus laundering venues (Beacon Chain exit delays impede rapid liquidation compared to DEXes/bridges). Bybit 2025 ($1.5B DPRK theft) was laundered via DEX aggregators and bridges, not LST protocols. No OFAC-sanctioned address interaction with Rocket Pool documented. Signal not firing; CTI feed required for full production confirmation.

Sources #

  • URL
    MITRE ATT&CK — Lazarus GroupMITRE ATT&CK Lazarus Group profile — primary targets are crypto exchanges, DeFi (DEX/bridge), not LST protocolsretrieved 2026-05-04

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol rocket-pool factor RD-F-158 score green collected_at 2026-05-04 15:40:28