Avg attacker reconnaissance time for peer-class protocols

Usual (USD0 / bUSD0 / USUAL)'s assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Sector baseline: DPRK/Lazarus reconnaissance window is 30–78 days for large cross-chain bridge+stablecoin targets (USPD class). Usual combines two high-DPRK-interest surfaces: (1) LayerZero OFT bridge adapter on Ethereum with $100M+ TVL backing, and (2) stablecoin with Curve pool surface — matching the Kelp DAO (April 2026, $292M via LayerZero DVN) attack class profile. No active reconnaissance attributed to Usual in public sources. Yellow reflects elevated structural risk given the dual-surface profile (OFT adapter + large stablecoin brand), not confirmed reconnaissance.

Sources #

URL
UPI — Kelp DAO Lazarus Group LayerZero hackNorth Korean hackers tied to Kelp DAO LayerZero exploit (2026-04) — $292M; same surface class as Usual OFT adapterretrieved 2026-05-17
Internal
Usual protocol profile — §7 external dependencies00-profile.md §7 — USD0 LayerZero OFT Adapter 0xE14C486b93C3B62F76F88cf8FE4B36fb672f3B26; DVN config unverified (dvn_configs = [] in cache)retrieved 2026-05-17

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol usual factor RD-F-163 score yellow collected_at 2026-05-16 20:39:44