DNS/CDN/frontend hash drift

Polymarket's assessment for RD-F-105 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Applicable. polymarket.com is the primary user-facing surface. Current DNS appears stable (no reports of DNS hijacking or cert change as of 2026-04-29). Phishing campaigns (Nov 2025, >$500k) and malicious bot impersonation (Feb 2026) operate off-domain (fake comment links, typosquatted GitHub repos) — these would not trigger the DNS/hash-drift signal. Signal correctly not firing today. Elevated threat environment noted in Cat 11 (RD-F-161).

Sources #

URL
Malicious Polymarket Bot in dev-protocol GitHubStepSecurity — malicious bot campaign (off-domain impersonation)retrieved 2026-04-29
URL
Phishing links in Polymarket private marketsCryptopolitan — phishing links in Polymarket private marketsretrieved 2026-04-29

Methodology #

Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol polymarket factor RD-F-105 score green collected_at 2026-04-29 16:25:39