CredScore verdict
Compared to last analysis
Jul 5, 2026 →Score
-38
riskier
Tier
Unknown → High
Posture
— → Escalate
New sanctioned counterparty exposure: LAZARUS GROUP, LAZARUS GROUP, LAZARUS GROUP, LAZARUS GROUP, LAZARUS GROUP, Lazarus Group (DPRK), LAZARUS GROUP (7 new)
New drivers: High-confidence sanctions attribution, Sanctions-sensitive exposure context, History capped by fetch limit
0x098b…2f96eth-mainnetScore
12
0 = max risk · 100 = clean
High riskEscalateConfidence:76%
Escalate for deeper review
CredScore sees a 4.3-year-old wallet holding 101.8 ETH with at least 501 transfers. High-confidence sanctions attribution and Sanctions-sensitive exposure context are severe enough to require escalation before any further interaction.
Wallet snapshot
Wallet age
4.3 years
Transfers observed
501
Native balance
101.80 ETH
Last activity
9 days ago
Counterparties
172
Primary risk drivers
High-confidence sanctions attribution
This wallet itself is on a sanctions watchlist (per the curated registry or OFAC SDN sync).
Sanctions-sensitive attribution materially increases review urgency because legal and compliance context becomes critical.
Sanctions-sensitive exposure context
Sanctioned counterparty interactions observed: 7 · Observed labels: Ronin Bridge Hack: Lazarus Group, circle, USDC Token
Sanctions-sensitive attribution materially increases review urgency because legal and compliance context becomes critical.
History capped by fetch limit
Transfers observed: At least 501 · History cap: observed count may be a lower bound (cap 500)
Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.
Sanctioned counterparty interactions
Lazarus Group (DPRK)
0x098b716b8aaf21512996dc57eb0615e2383e2f96 ↗OFAC_SDN · Axie Infinity Ronin Bridge hack proceeds
Lazarus Group (DPRK)
0xa0e1c89ef1a489c9c7de96311ed5ce5d32c20e4b ↗OFAC_SDN · Axie Infinity Ronin Bridge hack proceeds
Observed entity context
Labels
Ronin Bridge Hack: Lazarus GroupcircleUSDC Token
Protocols
Ethereum FoundationWrapped Ether (WETH)Null / Burn Addresscircle
Offsetting factors
Established history
Wallet age: 4.3y (observed)
Recognizable protocol attribution
Observed protocol: Ethereum Foundation · Observed protocol: Wrapped Ether (WETH) · Observed protocol: Null / Burn Address
Analyst briefing
Executive Risk Verdict
This address presents elevated counterparty risk. High-confidence sanctions attribution and Sanctions-sensitive exposure context compose adverse signal severe enough to justify escalation under current coverage.
Decision Posture
Escalate for deeper review. A specific high-risk signal combination was detected (sanctions self). This pattern is materially more concerning than any individual flag in isolation and requires human context to resolve correctly.
Primary Risk Drivers
High-confidence sanctions attribution This wallet itself is on a sanctions watchlist (per the curated registry or OFAC SDN sync). Sanctions-sensitive attribution materially increases review urgency because legal and compliance context becomes critical.
Sanctions-sensitive exposure context
Sanctioned counterparty interactions observed: 7
Observed labels: Ronin Bridge Hack: Lazarus Group, circle, USDC Token
Sanctions-sensitive attribution materially increases review urgency because legal and compliance context becomes critical.
History capped by fetch limit
Transfers observed: At least 501
History cap: observed count may be a lower bound (cap 500)
Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.
Offsetting Factors
Established history Wallet age: 4.3y (observed)
Recognizable protocol attribution
Observed protocol: Ethereum Foundation
Observed protocol: Wrapped Ether (WETH)
Observed protocol: Null / Burn Address
Structural Pattern Observations
Fan-out distribution (medium confidence) The observed flow pattern is consistent with fan-out distribution behavior and also carries additional review pressure from thin visibility, limited history, or sensitive exposure. This is not a misconduct finding, but it is not a routine pattern under current coverage.
Behavior Distribution
DEX-related interactions: 0% of observed activity. Bridge-related interactions: 0% of observed activity. Attributed interactions: 100% of observed activity, but only 0% resolved with high confidence, the remainder are unlabeled contract interactions, which is opacity rather than meaningful attribution coverage. High-confidence attributed interactions: 0% of observed activity.
Observed Entity / Protocol Context
Ronin Bridge Hack: Lazarus Group circle USDC Token
Observed Protocol Attribution
Ethereum Foundation Wrapped Ether (WETH) Null / Burn Address circle
Confidence Statement
Overall assessment confidence is high (76%), reflecting stronger sample depth, better coverage, and more stable observable behavior.
Sensitivity notes
Improved transaction coverage could materially change activity-based interpretation and increase confidence.
Off-chain context would be particularly valuable here, the detected structural patterns raise interpretive ambiguity that on-chain data alone cannot resolve.
The dormancy-reactivation pattern warrants direct inquiry, understanding what triggered resumed activity would substantially clarify the current behavioral picture.
For analysts
Generate a Defensible Verdict Report — engine version + timestamp baked in, exportable as PDF or copy-pasted as Markdown into a SAR narrative or case file.
Run your own wallet through CredScore
Deterministic Ethereum wallet risk scoring with a full audit trail. Every signal has an explicit numeric weight, output is reproducible. Paste any wallet to see your own verdict.
First analysis is free, no credit card. Or see pricing.
Shared Jul 11, 2026