Avg attacker reconnaissance time for peer-class protocols

Hyperlane's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Bridge-class protocols of this TVS tier (>$100M) face 30-78 day reconnaissance windows (USPD-style, per hack DB evidence). The open critical GitHub issue #8589 was filed 2026-04-14 — 33 days before this assessment (2026-05-17). If the vulnerability remains unpatched (no public patch evidence found), the protocol is at or near the critical reconnaissance window midpoint. A financially-motivated attacker who obtained the private disclosure details from the researcher (or independently discovered the same vulnerability) faces diminishing time pressure as the disclosure ages and risks going fully public. Yellow: reconnaissance window is at critical stage; no confirmed attacker reconnaissance detected but posture is elevated given open unpatched critical at 33 days.

Sources #

URL
Hyperlane DeFiLlamaDeFiLlama Hyperlane TVL $132.67M as of 2026-05-17 — high-value target for bridge-class attackretrieved 2026-05-17
GitHub
Hyperlane Critical Warp Route Vulnerability DisclosureGitHub issue #8589 — filed 2026-04-14; OPEN as of 2026-05-17; 33 days elapsed since public disclosure; no patch confirmedretrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperlane factor RD-F-163 score yellow collected_at 2026-05-16 23:03:56