defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

A threat intelligence & recon factor in the v1.7.0 rubric. Measured per protocol on an episodic cadence.

Methodology: how we score

**What this measures** This episodic signal fires when a public paste site (Pastebin, GitHub Gist), an error-monitoring endpoint (Sentry, Rollbar), or a credential-dump feed references API keys, RPC endpoint credentials, or infrastructure configuration strings that match known patterns from the monitored protocol's public infrastructure. Detection is manual curator investigation triggered by automated keyword-based alerts on paste-monitoring services. Category 11 context: leaked credentials are the off-chain precursor to infrastructure compromise attacks; they represent attacker access to the protocol's operational environment before any on-chain action has occurred.

**Why it matters** EasyFi ($59M, 2021) involved MetaMask private key exposure — a credential compromise that enabled the admin key drain. AnySwap V3 ($7.9M, 2021) involved MPC ECDSA nonce reuse that compromised signing keys. More broadly, RPC endpoint credentials and API keys exposed on paste sites enable attackers to monitor protocol state with privileged access, identify vulnerable states, and time attacks to coincide with low-monitoring windows. The Atomic Wallet compromise ($100M, 2023) — which Least Authority had flagged in 2022 — shows that credential and key management issues are known to external researchers before they are known to the protocol team.

**Green / Yellow / Red** Green is the baseline when no credential-related alerts have fired for the protocol's known infrastructure patterns in the trailing 30 days. Yellow fires when a keyword alert fires for a non-critical credential type (e.g., a read-only API key for a public RPC endpoint) — elevated but not immediately exploitable. Red fires when a private key pattern, admin wallet seed phrase, or privileged API endpoint credential matching the protocol's infrastructure patterns is identified in a public paste or dump feed.

**Common gray cases** Gray applies in virtually all cases where the protocol has not provided infrastructure configuration samples to the monitoring service, making pattern-matching against paste sites impossible from an external vantage point — this is the standard state and Gray is expected.
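The Green / Yellow / Red / Gray rules above, as an added sketch that is not defirisk.co's own tooling. It assumes alerts arrive as (timestamp, URL, text) tuples; the regexes, keyword list, host names and key material are constructed placeholders.

```python
import re
from datetime import datetime, timedelta, timezone

# Illustrative patterns only (assumed); a real deployment uses patterns supplied by the protocol.
CRITICAL = {
    "private_key": re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
    "seed_phrase": re.compile(r"(?i)\b(?:seed|mnemonic)\b[^\n:=]*[:=]\s*(?:[a-z]+\s+){11,23}[a-z]+"),
    "privileged_api_credential": re.compile(r"(?i)\badmin[_-]?(?:api[_-]?)?(?:key|token)\s*[:=]\s*\S+"),
}
NON_CRITICAL = {
    "read_only_rpc_key": re.compile(r"https://[\w.-]+/v\d+/[A-Za-z0-9]{16,}"),
}

def credential_type(text, infra_keywords):
    """Credential type in a paste that references the protocol's infrastructure, else None."""
    if not any(k.lower() in text.lower() for k in infra_keywords):
        return None
    for name, rx in {**CRITICAL, **NON_CRITICAL}.items():  # critical patterns checked first
        if rx.search(text):
            return name
    return None

def score_factor(pastes, infra_keywords, now, window_days=30):
    """pastes: iterable of (seen_at, url, text). Returns (color, evidence list)."""
    if not infra_keywords:
        return "gray", []  # no infrastructure samples: monitoring not configured
    cutoff = now - timedelta(days=window_days)
    evidence = []
    for seen_at, url, text in pastes:
        kind = credential_type(text, infra_keywords) if seen_at >= cutoff else None
        if kind:
            evidence.append({"paste_url": url, "credential_type": kind})
    if any(e["credential_type"] in CRITICAL for e in evidence):
        return "red", evidence
    return ("yellow" if evidence else "green"), evidence

# Constructed sample data: fake host names and key material.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
KEYWORDS = ["rpc.protocol.example"]
FAKE_KEY = "0x" + "ab" * 32
PASTES = [
    (NOW - timedelta(days=3), "https://paste.example/a1",
     "RPC_URL=https://rpc.protocol.example/v1/" + "Z9" * 10),
    (NOW - timedelta(days=45), "https://paste.example/b2",
     "rpc.protocol.example deployer " + FAKE_KEY),
]

if __name__ == "__main__":
    print(score_factor(PASTES, KEYWORDS, NOW))
```

Each evidence entry carries the paste URL and credential type named in the evidence artifact; the curator note is left to the manual investigation step.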

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

Data & output

Data source: Paste monitoring feed (Have I Been Pwned API / PasteHunter) + GitHub secret scanner on public repos + Sentry.io credential exposure
Output format: Green / Yellow / Red
Evidence artifact: Paste URL or scanner report + credential type + curator note
Confidence signal: green = no credential exposure detected; red = active credential leak confirmed; gray = paste monitoring not configured

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-164 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | green |
| Aerodrome Finance | base | gray |
| Axelar Network | ethereum | gray |
| Babylon Protocol | bitcoin | green |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | gray |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | green |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | gray |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | gray |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | gray |
| crvUSD (Curve Stablecoin) | ethereum | gray |
| Curve Finance | ethereum | not_assessed |
| deBridge | ethereum | gray |
| Dolomite | ethereum | gray |
| dYdX v4 (dYdX Chain) | dydx | gray |
| EigenLayer | ethereum | gray |
| Ethena | ethereum | gray |
| ether.fi | ethereum | gray |
| Euler V2 | ethereum | not_assessed |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | green |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | gray |
| Jito | solana | not_assessed |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | gray |
| JustLend DAO | tron | gray |
| Kamino Lend | solana | green |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | not_assessed |
| Liquid Collective (LsETH) | ethereum | gray |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | gray |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | green |
| Maple Finance | ethereum | gray |
| Marinade Finance | solana | gray |
| Meteora | solana | gray |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | gray |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | gray |
| Orca | solana | gray |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | yellow |
| QuickSwap | polygon | not_assessed |
| Raydium | solana | not_assessed |
| Rocket Pool | ethereum | yellow |
| Sanctum | solana | gray |
| Save (formerly Solend) | solana | gray |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | gray |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | gray |
| Superstate | ethereum | gray |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | green |
| USDD (Decentralized USD) | tron | gray |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | gray |
| Wormhole | ethereum | green |
| Yearn Finance | ethereum | gray |

Linked hacks: no historical incidents linked

No historical incidents are linked to this factor.
rubric_version: v1.7.0 | factor: RD-F-164 | category: 11 | carried: 80 | critical: no