defirisk.co
rubric v1.7.0

DNS/CDN/frontend hash drift

Raydium's assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Cat 6B exploit-in-progress signal [T-09 v1 phase 2]. raydium.io is a traditional hosted frontend (JavaScript SPA). Signal applicable for DNS A/CNAME monitoring, TLS cert hash, and JS bundle hash drift detection.

Threat environment elevated:
(1) Multiple active phishing domains registered Sep-Oct 2025: raydiumn.icu (Sept 2025, PhishDestroy flagged), raydium-io.to (high-risk phishing, PhishDestroy), raydiumswap.site (Oct 2025 fake airdrop claim).
(2) Bonk.fun domain hijacking March 12, 2026 — a Raydium-backed Solana launchpad had its domain hijacked with a wallet drainer planted.
(3) Fake Raydium mobile apps on Apple App Store stealing recovery phrases (2025).

Legitimate raydium.io: no DNS hijacking event identified at assessment date. TLS cert monitoring baseline not established. Signal is v1-phase-2 (not yet wired).

Yellow because the active phishing ecosystem + Solana ecosystem DNS hijacking precedent (Bonk.fun) represents an elevated precursor environment for raydium.io, even though

Methodology

Detect whether the hash of the production frontend JS has changed from the prior published hash, or whether the DNS configuration has changed.
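
A minimal sketch of this comparison, added here as an example and not defirisk.co's or Raydium's own code: each observation of the frontend is reduced to DNS record sets, a leaf-certificate SHA-256 and per-bundle SHA-256 hashes, then diffed against the baseline. The function names, the "name/TYPE" record-key format and all sample values are assumptions constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def normalize_records(records):
    # DNS answers are unordered; names are case-insensitive and may end in a dot.
    return frozenset(r.strip().lower().rstrip(".") for r in records)

def snapshot(dns, cert_der, bundles):
    """Reduce one observation of the frontend to comparable values.
    dns: {"name/TYPE": [values]}; cert_der: leaf cert bytes; bundles: {path: bytes}."""
    return {
        "dns": {key: normalize_records(vals) for key, vals in dns.items()},
        "cert_sha256": sha256_hex(cert_der),
        "bundles": {path: sha256_hex(body) for path, body in bundles.items()},
    }

def detect_drift(baseline, observed):
    """Return (signal, detail) findings in DNS, TLS, bundle order; empty means no drift."""
    findings = []
    for key in sorted(set(baseline["dns"]) | set(observed["dns"])):
        old = baseline["dns"].get(key, frozenset())
        new = observed["dns"].get(key, frozenset())
        if old != new:
            findings.append(("dns", f"{key}: +{sorted(new - old)} -{sorted(old - new)}"))
    if baseline["cert_sha256"] != observed["cert_sha256"]:
        findings.append(("tls_cert", "leaf certificate fingerprint changed"))
    for path in sorted(set(baseline["bundles"]) | set(observed["bundles"])):
        old, new = baseline["bundles"].get(path), observed["bundles"].get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            findings.append(("js_bundle", f"{path} {kind}"))
    return findings

# Constructed sample data (documentation IP ranges, placeholder bytes), not real values.
BUNDLE = b"console.log('v1')"
BASELINE = snapshot({"example.org/A": ["192.0.2.10", "192.0.2.11"],
                     "www.example.org/CNAME": ["Frontend.Example.net."]},
                    b"cert-A", {"/app.js": BUNDLE})
# Same state seen again: round-robin order and name formatting differ, content does not.
REORDERED = snapshot({"example.org/A": ["192.0.2.11", "192.0.2.10"],
                      "www.example.org/CNAME": ["frontend.example.net"]},
                     b"cert-A", {"/app.js": BUNDLE})
# A record repointed, different certificate served, extra script in the bundle set.
TAMPERED = snapshot({"example.org/A": ["198.51.100.7"],
                     "www.example.org/CNAME": ["frontend.example.net"]},
                    b"cert-B", {"/app.js": BUNDLE, "/inject.js": b"x"})
```

Routine certificate renewals and frontend releases also change these values, so a finding becomes a signal only when it does not match a known deploy or the published hash.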


rubric_version: v1.7.0
protocol: raydium
factor: RD-F-105
score: yellow
collected_at: 2026-04-29 12:31:55