defirisk.co
rubric v1.7.0

Commit timezone consistent with stated geography

A dev identity & insider risk factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor analyzes the distribution of commit timestamps in the protocol's public repository and checks whether the commit-hour distribution is consistent with the team's publicly stated geography and time zone. A strong clustering of commits outside the stated time zone — for instance, a US-based team with the majority of commits landing between 01:00–06:00 UTC (consistent with East Asian working hours) — is a weak signal of time-zone misrepresentation associated with DPRK developer-implant tactics. Measurement is programmatic via GitHub API commit timestamp analysis. Category 7 context: time-zone anomaly is an explicit weak signal in DPRK developer-implant profiling.

**Why it matters** DPRK IT workers operating under false identities typically work on schedules consistent with North Korean Standard Time (UTC+9) or adjacent zones, regardless of the geography claimed in their public profiles. Trail of Bits and Unit42 research on DPRK developer infiltration documented time-zone mismatches as one of several behavioral indicators. The signal is weak in isolation and generates false positives for teams with distributed contributors across multiple zones. However, when combined with other Cat 7 indicators (pseudonymous identity, mixer funding, short contributor tenure), the time-zone anomaly pattern strengthens the insider-risk assessment.

**Green / Yellow / Red** Green is scored when commit-hour distribution is broadly consistent with the stated geography (within a two-hour tolerance band accounting for late/early work). Yellow applies when commit-time distribution has a bimodal pattern consistent with a distributed team across multiple zones, even if one cluster is in a high-risk zone — the bimodality itself suggests legitimate distribution. Red is scored when greater than 70% of commits land in a time window inconsistent with the stated geography and consistent with known DPRK working hours, with no plausible distributed-team explanation.

**Common gray cases** Gray is assigned when the repository is private or has fewer than 50 commits in the trailing 90 days, making statistical analysis unreliable.
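The scoring rules above, sketched in Python as an added example; this is not defirisk.co's own implementation. The 09:00-18:00 working day, the 70% green cut-off, whole-hour UTC offsets and all function names are assumptions, while the two-hour band, the 50-commit minimum over 90 days, the 70% red threshold and UTC+9 come from the rubric text.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WORKDAY = range(9, 18)   # assumption: local working hours 09:00-17:59
TOLERANCE_H = 2          # rubric: two-hour tolerance band
FLAG_OFFSET = 9          # rubric: UTC+9
MIN_COMMITS = 50         # rubric: fewer than 50 commits in 90 days -> gray
RED_SHARE = 0.70         # rubric: more than 70% -> red
GREEN_SHARE = 0.70       # assumption: the rubric gives no numeric green cut-off

def parse(ts):
    """Parse an ISO-8601 commit timestamp and normalise it to UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def in_window(utc_hour, offset, pad=0):
    """True if utc_hour is inside the working day of a zone at UTC+offset (whole hours)."""
    return WORKDAY.start - pad <= (utc_hour + offset) % 24 < WORKDAY.stop + pad

def score(timestamps, stated_offset, now):
    """Return (label, consistent_share, anomalous_share, hour_histogram)."""
    cutoff = now - timedelta(days=90)
    hist = Counter(t.hour for t in map(parse, timestamps) if t >= cutoff)
    total = sum(hist.values())
    if stated_offset is None or total < MIN_COMMITS:
        return "gray", 0.0, 0.0, hist
    # Hours that fit the stated geography, tolerance band included.
    ok = {h for h in hist if in_window(h, stated_offset, TOLERANCE_H)}
    # Hours that do not fit it but do fit a UTC+9 working day.
    bad = {h for h in hist if h not in ok and in_window(h, FLAG_OFFSET)}
    consistent = sum(hist[h] for h in ok) / total
    anomalous = sum(hist[h] for h in bad) / total
    if anomalous > RED_SHARE:
        label = "red"
    elif consistent >= GREEN_SHARE:
        label = "green"
    else:
        label = "yellow"      # mixed or bimodal pattern
    return label, consistent, anomalous, hist

def constructed_commits(utc_hours, n, now):
    """Constructed sample data: n timestamps cycling through the given UTC hours."""
    day = now.replace(hour=0, minute=0, second=0, microsecond=0)
    return [(day - timedelta(days=1 + i % 80)).replace(hour=utc_hours[i % len(utc_hours)])
            .isoformat() for i in range(n)]

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)   # constructed reference date
    night = constructed_commits([1, 2, 3, 4, 5, 6], 60, now)
    print(score(night, -5, now)[:3])   # team stating a UTC-5 geography
```

Git author dates are set by the committing client, so the label is only as trustworthy as those timestamps, in line with the weak-signal framing above.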

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Determine whether the distribution of commit hours in the repo is consistent with the team's publicly stated geography (anomaly flag for DPRK-precursor pattern).

Data & output

**Data source** GitHub API commit history + commit timestamp distribution analysis + team's stated timezone

**Output format** Green / Yellow / Red

**Evidence artifact** Commit-hour histogram + stated timezone + anomaly flag (if commit pattern aligns with DPRK/non-stated TZ)

**Confidence signal** green = commit pattern consistent with stated geography; yellow = commit pattern ambiguous; red = commit pattern inconsistent with stated geography and consistent with DPRK-linked TZ (UTC+9); gray = commit history private or team timezone unstated

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-119 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | yellow |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | gray |
| BENQI | avalanche | yellow |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | green |
| Chainlink CCIP | ethereum | green |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | gray |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | green |
| deBridge | ethereum | gray |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | green |
| Ethena | ethereum | gray |
| ether.fi | ethereum | gray |
| Euler V2 | ethereum | green |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | gray |
| Frax Finance | ethereum | green |
| GMX v2 (GMX Synthetics) | arbitrum | yellow |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | green |
| Jito | solana | green |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | green |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | yellow |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | gray |
| Liquid Collective (LsETH) | ethereum | gray |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | green |
| Lista DAO | bsc | green |
| Lombard Finance | ethereum | yellow |
| M^0 | ethereum | gray |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | green |
| Meteora | solana | gray |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | yellow |
| OpenEden | ethereum | green |
| Orca | solana | green |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | green |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | gray |
| Raydium | solana | green |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | green |
| Save (formerly Solend) | solana | gray |
| Sky Lending (formerly MakerDAO) | ethereum | green |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | green |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | yellow |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | green |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | green |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | not_assessed |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | gray |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-119 category 7 carried 80 critical no