defirisk.co
rubric v1.7.0

Known-threat-actor cluster has touched protocol

Wormhole's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge class is DPRK/Lazarus primary target; 2022 Wormhole hack not attributed to DPRK (distinct from Ronin); no current DPRK wallet interaction with Wormhole contracts confirmed in public sources; requires Chainalysis/TRM private cluster feed for definitive assessment | Unconfirmed — requires private TI feed; elevated class-level risk

Sources #

  • Curator note
    Extracted from 06-realtime-intel.md — RD-F-158; no URL citedretrieved 2026-04-28

Methodology #

Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-158 score yellow collected_at 2026-04-28 01:38:43