Known-threat-actor cluster has touched protocol
USDD (Decentralized USD)'s assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Known-threat-actor wallet interaction is a Tier-C advisory signal that requires a live Chainalysis/TRM feed. Indirect adjacency is documented: Poloniex (a whitelisted USDD minter since 2022) was hacked in Nov 2023 (~$126M), an attack attributed to North Korea's Lazarus Group by Justin Sun and corroborated by blockchain investigators. USDD tokens were among the stolen assets, which represents theft of circulating USDD, not direct exploitation of USDD contract infrastructure. No confirmed direct Lazarus wallet interaction with USDD TRC-20 (TPYmHEhy5n8TCEfYGqW2rPxsghSfzghPDn) or ERC-20 v2 (0x8EbdcF3d843E3A96137E84117C7989C883cE6127) appears in accessible public records. Curator follow-up: verify whether Poloniex minting credentials were revoked/rotated after the Nov 2023 hack.
Sources
- DigiFinex: Poloniex Lazarus Attribution. DigiFinex Medium: Poloniex heist possibly linked to North Korean Lazarus Group (Nov 2023). Retrieved 2026-05-17.
- Cryptopolitan: Poloniex Hack Nov 2023. Cryptopolitan: Poloniex hacked for over $100M, USDD among stolen assets. Retrieved 2026-05-17.
Methodology
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.