Avg attacker reconnaissance time for peer-class protocols

Across Protocol's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Avg attacker reconnaissance time for peer-class protocols | Bridge-class reconnaissance average: based on in-sample hack DB data (T-01 §3), bridge exploits show highly variable recon windows. Ronin: minimal pre-strike recon (hours). Wormhole (Solana guardian bug): zero-day, minimal. Nomad: days. Kelp DAO (April 2026): Lazarus attributed, unclear recon window. USPD analysis suggests 78-day average for well-resourced actors. Bridge class with governance social engineering (Drift Protocol): 6-mo...

Sources #

Curator note
Extracted from 06-realtime-intel.md — RD-F-163; no URL citedretrieved 2026-04-28

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol across-protocol factor RD-F-163 score yellow collected_at 2026-04-30 21:19:18