Known-threat-actor cluster has touched protocol
Yearn Finance's assessment for RD-F-158 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Known-threat-actor wallet cluster touches protocol (Cat 11 / T-09 phase-2 signal, Tier C). Applicable. Historical pattern: all 4 Yearn exploits used Tornado Cash or Railgun as attacker funding/laundering infrastructure. Three of 4 attacks laundered funds through Tornado Cash post-exploit ($3M in exploit 3; attacker wallets from exploits 1, 2 also TC-funded). This constitutes venue-use (Yearn protocols used as drain/launder venue by mixer-funded attackers), not team-wallet contamination. Per briefing U4: venue-use routes to F158 yellow, not team contamination. No confirmed DPRK/Lazarus cluster wallet interaction with Yearn contracts within last 30 days identified via public sources. Licensed TI feed (Chainalysis/TRM) required for definitive 30-day window assessment. Yellow: elevated by historical attacker TC-venue use and documented attacker interest in the Yearn vault class.
Sources
- URL: The Block — Yearn yETH Tornado Cash laundering. The Block: '$3 million in ETH sent to Tornado Cash following apparent attack on Yearn's yETH' — confirms post-exploit Tornado Cash laundering in exploit 3 (2023-11-30). Retrieved 2026-05-16.
- Yearn hacksdatabase — Tornado Cash attacker venue use across exploits. hacksdatabase/hacks/yearn-rekt1.md: 'Tornado Cash (4 preparatory transactions) to obscure funding sources. Tornado TX hashes: 0x7ee28e..., 0x13c128..., 0x6b07e3..., 0xcacdc9...'; hacksdatabase/hacks/yearn2-rekt.md: 'Attacker funded via Tornado Cash; deposited 1,000 ETH'; hacksdatabase/hacks/yearn-rekt3.md: 'Primary attacker seeded through Railgun 30 minutes before execution; ~1,000 ETH (~$3M) was laundered through Tornado Cash' post-exploit. Retrieved 2026-05-16.
Methodology
Detect whether an address from the curator-maintained threat-actor cluster (past exploiters, labeled attacker families) interacted with this protocol in the last 30 days.