defirisk.co
rubric v1.7.0

Avg attacker reconnaissance time for peer-class protocols

Lido's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

For the oracle-compromise class (Chorus One May 2025, Numic May 2024), the attack timeline is weeks to months of off-chain social engineering or credential gathering, which is not observable on-chain until the attack occurs. The USPD 78-day on-chain reconnaissance pattern is more applicable to bridge/lending protocols. For the governance-attack class, Lido's Dual Governance 5-45 day veto window substantially extends the detection window. Yellow: a reconnaissance window exists but is off-chain in nature, making it harder to detect via on-chain signals.

Sources

  • URL: https://research.lido.fi/t/emergency-rotation-of-compromised-chorus-one-oracle/10037 (retrieved 2026-04-28)
  • URL: https://research.lido.fi/t/lido-on-ethereum-node-operator-numic-security-incident-disclosure-may-21-2024/7536 (retrieved 2026-04-28)

Methodology

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

  • rubric_version: v1.7.0
  • protocol: lido
  • factor: RD-F-163
  • score: yellow
  • collected_at: 2026-04-28 13:58:42