Avg attacker reconnaissance time for peer-class protocols

ether.fi's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Peer-class sector assessment: LRT protocols are elevated-targeting territory post-Kelp ($292M DPRK Apr 2026). Bybit hack (Feb 2025, $1.46B) involved multi-week supply-chain positioning. Drift Protocol ($285M Apr 2026) involved 6-month persona build-up. For ether.fi with $5.13B TVL and $9.17B peak TVL, a 30–90 day reconnaissance window is sector-consistent with peer incidents. No ether.fi-specific recon activity confirmed, but sector elevation warrants yellow.

Sources #

URL
Black April 2026 crypto hack analysisBlack April 2026 DeFi sector analysis — $606M stolen, LRT sector elevatedretrieved 2026-04-28
URL
Lazarus Group KelpDAO attributionKelpDAO Lazarus Group attribution, April 2026 — peer LRT targeted; same LayerZero OFT architectureretrieved 2026-04-28
URL
Drift Protocol $285M hack — reconnaissance time referenceDrift Protocol $285M DPRK exploit Apr 1 2026 — 6-month build-up preceding hackretrieved 2026-04-28

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ether-fi factor RD-F-163 score yellow collected_at 2026-04-28 13:58:46