Avg attacker reconnaissance time for peer-class protocols
Raydium's assessment for RD-F-163 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Cat 11 threat intel signal (v1-deferred). Curator-assessed from the hack DB and peer-class comparison. Dec 2022 attack: compressed reconnaissance. It relied on an off-chain trojan rather than multi-week on-chain reconnaissance, execution took a single session once the key was obtained, and funding came via FixedFloat 5ndLnEYqSFiA5yUFHo6LVZ1eWc6Rhh11K5CfJNkoHEPs, a no-KYC exchange. The attacker wallet is linked to prior Solana NFT rug projects and wallet draining, which suggests an opportunistic threat actor, not a state-sponsored APT. For the Solana DeFi peer class: DPRK attacks average 3–6 months of social engineering (Drift: 6 months; Lazarus prior patterns: 1–3 months). Computing peer-class reconnaissance time requires manual curator input. Gray per taxonomy (M curation mode, S cadence; static assessment only).
Sources
- $285M Drift Hack Traced to Six-Month DPRK Social Engineering Operation (Hacker News). Drift April 2026: 6-month social engineering reconnaissance before $285M DPRK exploit; peer-class reference for Solana DeFi reconnaissance time. Retrieved 2026-04-29.
- Raydium Detailed Post-Mortem. Post-mortem: Dec 2022 attack executed in single session; attacker wallet linked to prior NFT rug projects. Retrieved 2026-04-29.
Methodology
Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.