Avg attacker reconnaissance time for peer-class protocols

Orca's assessment for RD-F-163 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Avg attacker reconnaissance time for peer-class DEX protocols. Class-level statistic from hack DB. For DPRK-class attacks on large Solana DEXes, reconnaissance windows of weeks-to-months are consistent with the evidence: USPD pattern (78 days), Drift Protocol (weeks of insider preparation before $285M exploit), Bybit (months of social engineering). For DEX-class protocols generally, reconnaissance >= 30 days is consistent with the evidence. Green threshold (>=30 days) is met for this class.

Sources #

URL
TRM Labs — Bybit hack, North Korean hackers, Solana DEX launderinghttps://www.trmlabs.com/resources/blog/the-bybit-hack-following-north-koreas-largest-exploitretrieved 2026-05-16
URL
Drift Protocol exploit — DPRK pattern, weeks of reconnaissance preceding $285M Solana DeFi exploithttps://www.cryptopolitan.com/drift-protocol-exploit-linked-to-bybit-hack/retrieved 2026-05-16

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol orca factor RD-F-163 score green collected_at 2026-05-16 02:39:16