defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Raydium's assessment for RD-F-164 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cat 11 threat intel signal (v1-deferred). No public paste-site or Sentry credential dump referencing Raydium infrastructure endpoints or API keys identified in available public sources as of 2026-04-29. Raydium has a published SECURITY.md (data cache: security_md_present: true) indicating responsible disclosure channel. No credential leak for Raydium infra (Discord, Telegram admin, GitHub org keys, frontend API keys) identified. Gap: production monitoring requires automated credential-dump feed (e.g., HaveIBeenPwned, IntelligenceX), which is a proprietary tool dependency per the taxonomy (M curation mode). Assessment based on public OSINT only.

Sources #

  • Curator note
    Assessment curator noteNo paste-site or Sentry credential dump for Raydium infra found via public OSINT; gap: requires proprietary credential-dump monitoring feed for production assessmentretrieved 2026-04-29
  • GitHub
    raydium-io/raydium-amm GitHub — SECURITY.md presentraydium-io/raydium-amm: security_md_present: true (data cache); responsible disclosure channel publishedretrieved 2026-04-29

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol raydium factor RD-F-164 score not_assessed collected_at 2026-04-29 12:31:55