Avg attacker reconnaissance time for peer-class protocols

Frax Finance's assessment for RD-F-163 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Baseline reconnaissance time for Frax protocol class (CDP/stablecoin + LST + isolated lending + bridge): USPD-style patterns average 78 days (hack DB T-01). DNS/frontend-class (relevant to Frax's prior incidents): Curve DNS 2022 exploitation window 30 min–4h. Frax's 2023 DNS hijack was resolved in ~24h with no funds lost. The 2024-06 X account hack had no on-chain reconnaissance fingerprint. No active reconnaissance patterns against Frax core contracts identified in current posture as of 2026-05-17. At 65 months operational with no on-chain exploit, Frax is not currently on a known attacker's active on-chain reconnaissance trajectory per public evidence. Historical incidents were off-chain/social rather than on-chain pre-strike patterns.

Sources #

URL
Frax Finance — DefiLlama protocol pageFrax Finance 65 months operational (Dec 2020 to May 2026), no on-chain exploit with fund loss documentedretrieved 2026-05-17
URL
CoinDesk — Frax Finance DNS hijack resolutionNov 2023 DNS hijack: off-chain social-engineering attack, resolved in ~24h, no funds lostretrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol frax factor RD-F-163 score green collected_at 2026-05-16 20:44:31