Known-threat-actor cluster has touched protocol

Veda (BoringVault)'s assessment for RD-F-158 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 advisory signal. No known-threat-actor wallet interactions found via public-observable sources. Web search 'Veda Labs BoringVault DPRK Lazarus threat actor 2025 2026' returned no Veda-specific results. Public Etherscan tags and Arkham/Nansen public labels do not show any flagged wallets interacting with Veda's primary contracts. Full attribution requires Chainalysis/TRM licensed cluster feed (not integrated). Note: Veda's $1.07B TVL makes it a plausible DPRK reconnaissance target (DPRK class has targeted large yield protocols), but no positive detection as of assessment date.

Sources #

URL
MITRE ATT&CK: Lazarus Group (G0032) — no Veda linkage in public attributionWeb search 'Veda Labs BoringVault DPRK Lazarus threat actor 2025 2026' — no Veda-specific results; general Lazarus activity reports not linking Vedaretrieved 2026-05-17
Etherscan
Etherscan: ether.fi Deployer 4 — clean funding sourceDeployer 0x0463e60c7ce10e57911ab7bd1667eaa21de3e79b funded by ether.fi Safe Smart Account — no DPRK-cluster hops identified on public explorerretrieved 2026-05-17

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol veda factor RD-F-158 score gray collected_at 2026-05-17 12:41:22