Avg attacker reconnaissance time for peer-class protocols

dYdX v4 (dYdX Chain)'s assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The Jan 2026 supply-chain attack showed a documented 18-day reconnaissance window: priceoracle.site domain registered Jan 9, 2026, with malicious packages published Jan 27, 2026. This is on the shorter end of the USPD 78-day benchmark but demonstrates planned pre-strike infrastructure setup. The Jul 2024 DNS hijacking was part of a broader Squarespace-domain attack wave; reconnaissance time unknown but coordinated. For similar-class protocols (high-profile perps DEX with large developer integrator base), 18-day preparatory windows are within the expected attacker lifecycle for supply-chain-class attacks. Yellow: evidence exists of pre-strike reconnaissance on dYdX-specific attacks within the last 12 months.

Sources #

URL
DNS Nameserver Hijacking PostmortemdYdX DNS hijacking postmortem — Jul 2024 coordinated attack timingretrieved 2026-05-17
URL
Malicious dYdX Packages — domain registration to attack timelineSocket.dev — priceoracle.site registered Jan 9, 2026 (18 days pre-attack)retrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-163 score yellow collected_at 2026-05-17 09:58:47