Real-capital social-engineering persona
Chainlink CCIP's assessment for RD-F-184 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Per process-learnings guidance and taxonomy definition: mark gray + note the Drift comparator (UNC4736 6-month capital-deposit persona build-up) as the reference pattern. Chainlink Labs is a 600-employee established corporate entity with multi-year public history, ISO 27001 + SOC 2 certification, and VC backing. The insider-persona attack vector targets younger, less-established teams. No curator-flagged persona identified for CCIP. Evidence of absence cannot be established for a pattern designed to leave no public trace. CCIP's RBACTimelock + MCMS multi-signer model provides structural resistance to single-insider escalation. Gray is the correct score — spending time proving absence of something designed to leave no trace is explicitly ruled out by process-learnings.
Sources
- Internal 03-taxonomy.md F184 batch-24 definition: cites Drift Apr 2026 UNC4736 as reference pattern; P1 not P0; M-only OSINT (retrieved 2026-05-16)
- Process-learnings.md F184 guidance: mark gray + note Drift comparator; do not spend time proving absence of something designed to leave no public trace (retrieved 2026-05-16)
Methodology
Determine whether a curator-flagged "team contributor" or "external integrator" persona has ≥$1M of attributed real-capital deposits to the target protocol or peer protocols, potentially used to build credibility ahead of a social-engineering attack.