defirisk.co
rubric v1.7.0

Avg attacker reconnaissance time for peer-class protocols

Yearn Finance's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Attacker wallet reconnaissance time before strike (days), for similar-class protocols. Peer class: yield aggregator. Historical Yearn attacker reconnaissance window: Exploit 1 (2021-02-04) — Tornado Cash preparatory txs same day as attack (hours). Exploit 2 (2023-04-13) — TC funding shortly before; minimal visible reconnaissance (vulnerability was static/dormant for 1,156 days). Exploit 3 (2023-11-30) — Railgun seed 30 minutes before attack; helper contracts deployed minutes before. Exploit 4 (2023-12-16) — same-day attack using Morpho flash loan. Pattern: Yearn attackers are predominantly short-fuse/opportunistic (hours to minutes), not extended-reconnaissance (78-day DPRK-class). This is protective from a signal-lead-time perspective but means that when an attack comes, the detection window is very short. Legacy vault residue means any attacker that discovers a new misconfiguration can exploit it quickly. Yellow: elevated by legacy vault surface creating ongoing opportunistic reconna

Sources #

  • URL
    CoinPedia — Yearn yETH $9M exploitCoinPedia: 'Yearn Finance Hit by $9M Exploit as Hacker Mints Infinite yETH Tokens' — exploit 3 details; confirms 30-min Railgun-to-attack window.retrieved 2026-05-16
  • Internal
    Yearn hacksdatabase — attacker reconnaissance window analysis across 4 exploitshacksdatabase/hacks/yearn-rekt1.md: Tornado Cash preparatory transactions same day; hacksdatabase/hacks/yearn-rekt3.md: 'Railgun funding transaction 30 minutes before attack'; hacksdatabase/hacks/yearn-rekt4.md: 'same-day attack pattern using 30M USDC Morpho flash loan.' All exploits: opportunistic/short-fuse, not extended-reconnaissance.retrieved 2026-05-16

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol yearn-finance factor RD-F-163 score yellow collected_at 2026-05-16 08:34:32