Real-capital social-engineering persona
Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap's assessment for RD-F-184 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
MISO contractor (AristoK3 / 'Sava Grujic' / 'Anthony Keller') built credibility as a trusted contributor through legitimate MISO platform work before injecting malicious code. CoinDesk (Oct 2024) reports they 'used fake IDs, successfully navigated interviews, passed reference checks and presented genuine work histories' — fitting the social-engineering persona-building pattern. The F184 definition specifically requires '>=1M of attributed real-capital deposits to the target protocol or peer protocols, used to build credibility.' The MISO case is credibility-building through code contribution and employment history rather than confirmed capital deposit. No evidence of the contractor deploying personal capital of >=1M into Sushi pools found at OSINT tier. Pattern partially matches (social-engineering persona build-up preceding an attack) but the specific capital-deposit sub-criterion is not confirmed. Score: yellow per the process-learnings guidance for F184 (gray + Drift comparator is t
Sources #
- URLHow North Korea Infiltrated the Crypto IndustryCoinDesk Oct 2024 — DPRK IT workers built credibility via fake credentials and genuine work histories at Sushiretrieved 2026-05-17
- JayPegs Automart Hack Database Entryhacksdatabase/hacks/jaypegs-automart.md — supply-chain attack via trusted contractor with write accessretrieved 2026-05-17
Methodology #
Determine whether a curator-flagged "team contributor" or "external integrator" persona has ≥$1M of attributed real-capital deposits to the target protocol or peer protocols, potentially used to build credibility ahead of a social-engineering attack.
See the full factor methodology and distribution across all protocols →