Avg attacker reconnaissance time for peer-class protocols

deBridge's assessment for RD-F-163 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

**Phase:** v1 deferred (P2; backward-looking annotation rather than trigger) **Applicable:** Informational context — for bridge protocols of this class (threshold-signature validators), the Harmony Horizon exploit involved months of key compromise; the Ronin exploit involved ~100 days of validator key acquisition; the Drift DPRK attack involved ~6 months of social engineering. The deBridge August 2022 phishing attempt occurred approximately 6 months after mainnet launch (Feb 2022) — consisten...

Sources #

URL
https://www.trmlabs.com/resources/blog/north-korean-hackers-attack-drift-protocol-in-285-million-heistretrieved 2026-04-28
URL
https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theftretrieved 2026-04-28

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol debridge factor RD-F-163 score gray collected_at 2026-04-28 01:27:58