defirisk.co
rubric v1.7.0

Protocol social channel has scam-coordinator flag

A threat intelligence & recon factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology how we score #

**What this measures** This episodic signal fires when the curator's scam-coordinator watchlist identifies a member of the protocol's official Telegram or Discord community channels as a known scam coordinator — an account previously associated with coordinated social-engineering attacks, fake-airdrop scams, or phishing campaigns targeting DeFi users. Detection is manual curator monitoring of protocol social channels combined with cross-referencing against a maintained scam-coordinator database. Category 11 context: scam coordinators embedded in community channels are both a direct attack vector (phishing links in community posts) and a reconnaissance channel for gathering intelligence about team behavior and user wallet sizes.

**Why it matters** Community channel infiltration is documented in several dataset incidents as a concurrent attack vector. Badger DAO ($120M) saw coordinated social media amplification of the malicious approval-harvesting campaign. Infini ($49.5M) involved a rogue insider with both on-chain access and social channel presence. In the broader DeFi landscape, fake-airdrop scams launched from compromised community channels have drained tens of millions in aggregate. A scam coordinator embedded in the protocol's official channels has access to user sentiment, deployment timing discussions, and team communication patterns that can inform timing and targeting of a concurrent on-chain attack.

**Green / Yellow / Red** Green is the baseline when no known scam-coordinator accounts from the watchlist are identified as members of the protocol's official community channels. Yellow fires when an account with medium-confidence scam-coordinator attribution (curator-flagged but not cross-confirmed by multiple sources) is identified in the community. Red fires when a high-confidence scam coordinator (confirmed by multiple independent sources or with documented prior phishing campaigns) is identified as an active member of the protocol's primary community channel.

**Common gray cases** Gray applies when the protocol's community channels are fully private or invite-only and the curator cannot access them to perform the monitoring sweep, or when the channel is very large (100,000+ members) and comprehensive monitoring is impractical.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement what to look for #

Determine whether a protocol-adjacent social channel admin is flagged on the curator scam-coordinator watchlist.

Data & output #

Data source
Curator social watchlist (cross-referenced with scam-report aggregators: ScamSniffer, Chainabuse) + Discord/Telegram admin address checks
Output format
Green / Yellow / Red
Evidence artifact
Channel name + flagged admin handle + scam-coordinator watchlist entry
Confidence signal
green = no flagged admins detected; red = scam-coordinator confirmed in protocol channel admin; gray = social channels not identified for this protocol

Scored protocols 80 carry this factor #

Protocol RD-F-165
Aave v3 ethereum yellow Across Protocol ethereum green Aerodrome Finance base gray Axelar Network ethereum gray Babylon Protocol bitcoin yellow Balancer (v2 + v3) ethereum green Beefy Finance ethereum gray BENQI avalanche gray BlackRock USD Institutional Digital Liquidity Fund (BUIDL) ethereum not_applicable Cap (cUSD / stcUSD) ethereum gray Centrifuge ethereum gray Chainlink CCIP ethereum gray Circle USYC binance gray Compound V3 (Comet) ethereum gray Concrete ethereum gray Convex Finance ethereum gray crvUSD (Curve Stablecoin) ethereum gray Curve Finance ethereum not_assessed deBridge ethereum gray Dolomite ethereum gray dYdX v4 (dYdX Chain) dydx gray EigenLayer ethereum gray Ethena ethereum gray ether.fi ethereum gray Euler V2 ethereum gray Falcon Finance ethereum green Fluid ethereum green Frax Finance ethereum gray GMX v2 (GMX Synthetics) arbitrum gray Hyperlane ethereum gray Hyperliquid arbitrum gray Jito solana not_assessed Jupiter solana gray Jupiter Perpetual Exchange solana gray JustLend DAO tron gray Kamino Lend solana green Kinetiq hyperliquid gray Lido ethereum not_assessed Liquid Collective (LsETH) ethereum yellow Liquity V1 + V2 (LUSD / BOLD) ethereum gray Lista DAO bsc yellow Lombard Finance ethereum green M^0 ethereum green Maple Finance ethereum green Marinade Finance solana gray Meteora solana yellow mETH Protocol ethereum gray Midas ethereum gray Morpho V1 (Morpho Blue + MetaMorpho) ethereum yellow Multipli ethereum gray Ondo Finance ethereum green OpenEden ethereum gray Orca solana gray PancakeSwap bsc gray Pendle Finance ethereum gray Polymarket polygon green QuickSwap polygon not_assessed Raydium solana not_assessed Rocket Pool ethereum green Sanctum solana gray Save (formerly Solend) solana gray Sky Lending (formerly MakerDAO) ethereum gray Spark Protocol ethereum green Spiko stellar not_applicable Stake DAO ethereum gray StakeWise v3 ethereum gray Stargate Finance ethereum gray stHYPE (Valantis Labs) hyperliquid gray SUNSwap (sun.io) tron gray Superstate ethereum green Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap ethereum gray Symbiotic ethereum gray Synapse Protocol ethereum not_assessed Uniswap (v2 + v3) ethereum green USDD (Decentralized USD) tron gray Usual (USD0 / bUSD0 / USUAL) ethereum gray Veda (BoringVault) ethereum gray Venus Protocol bsc gray Wormhole ethereum gray Yearn Finance ethereum gray
0 red · 6 yellow · 14 green

Linked hacks no historical incidents linked #

No historical incidents are linked to this factor.
rubric_version v1.7.0 factor RD-F-165 category 11 carried 80 critical no