Avg attacker reconnaissance time for peer-class protocols

USDD (Decentralized USD)'s assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Attacker wallet reconnaissance window for similar-class protocols: CDP/stablecoin issuers with centralized governance and large TVS are high-value reconnaissance targets. Reference pattern: USPD-style 78-day reconnaissance; Lazarus Group typically conducts 30–90 days of reconnaissance before striking (documented across multiple TRON/DeFi incidents). USDD-specific reconnaissance: no confirmed attacker-wallet reconnaissance targeting USDD contracts in accessible public records. However, TRON ecosystem is an active Lazarus target (Poloniex Nov 2023 attributed to Lazarus); $1.475B TVS with centralized minting authority and opaque reserve management creates a high-value reconnaissance target profile. Yellow: class-level elevated reconnaissance risk given TRON ecosystem targeting history; no confirmed active reconnaissance for USDD specifically.

Sources #

URL
Fortune: Lazarus Group 2023 Crypto LossesFortune — Lazarus Group responsible for nearly 20% of crypto losses in 2023 ($300M+), targeting TRON-adjacent entitiesretrieved 2026-05-17
URL
DigiFinex: Poloniex Lazarus AttributionDigiFinex — Poloniex (USDD minter) attributed to Lazarus Group, Nov 2023retrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usdd factor RD-F-163 score yellow collected_at 2026-05-17 11:34:18