Prior exploit count

Frax Finance's assessment for RD-F-077 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Prior exploit count = 0. Proprietary hacks DB searched case-insensitively for frax, frxeth, frxusd, fraxlend, fraxswap, fraxtal — three file matches were all false positives (FRAX token received/held by attackers in TempleDAO and Fei-Rari exploits; not Frax protocol exploits). No rekt.news article describing a Frax contract exploit found. The three incidents in profile §10 (2023-11 DNS hijack, 2024-06 X account hack, 2025-12 RedemptionQueueV2 allegation) are frontend/social or disclosed-but-unconfirmed, none constituting an on-chain user-fund loss.

Sources #

URL
Attribution Dispute — RedemptionQueueV2 DoS Vulnerability — Frax Governancegov.frax.finance thread #3818 — RedemptionQueueV2 dispute: DoS class, no confirmed on-chain drain of user fundsretrieved 2026-05-17
URL
Frax Finance Says its Domain Name Hijacking Has Been Resolved — CoinDeskCoinDesk — DNS hijack confirmed zero user fund loss (frontend/infra event, not contract exploit)retrieved 2026-05-17
Internal
risk-dashboard/hacksdatabase/hacks/ — case-insensitive grep for frax/frxeth/frxusd/fraxlend/fraxswap/fraxtalHacks DB grep — no Frax-native incident files matchedretrieved 2026-05-17

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-077 score green collected_at 2026-05-16 20:44:31