Avg attacker reconnaissance time for peer-class protocols
Ethena's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
No direct reconnaissance activity detected against Ethena core contracts. For the synthetic-dollar / CEX-custody protocol class, the applicable threat model differs from standard on-chain DeFi reconnaissance:
(1) USPD-style 78-day on-chain wallet reconnaissance is less applicable to Ethena's architecture (no exploitable on-chain mechanism without CEX/OES compromise).
(2) The Drift Protocol precedent (Security Council threshold change 6 days before $285M DPRK exploit) is directly applicable: Ethena's Dev Multisig threshold reduction would be the equivalent pre-strike indicator, and none was detected.
(3) LayerZero infrastructure reconnaissance (as in the Kelp attack: RPC node compromise + DDoS) could apply to Ethena's OFT bridges but is not observable via public on-chain methods.
Yellow: the protocol class is actively targeted; no direct signal was detected, but off-chain reconnaissance vectors are not publicly observable.
Sources
- URL: Inside the KelpDAO Bridge Exploit | Chainalysis. Chainalysis: KelpDAO exploit attribution to Lazarus; infrastructure reconnaissance methodology described. Retrieved 2026-04-28.
Methodology
Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.