defirisk.co
rubric v1.7.0

Hot-wallet signer flag

A governance & admin factor in the v1.7.0 rubric. Measured per protocol on a s cadence.

Methodology: how we score

**What this measures** This factor identifies whether one or more signers on a protocol's governance multisig use addresses whose behaviour is consistent with a hot wallet: browser-wallet transaction signing, gas funded from exchange withdrawals, or bursts of near-simultaneous transactions submitted interactively. A hot-wallet signer indicates that the private key is held in software on an internet-connected device rather than in a hardware security module or an offline hardware wallet.

**Why it matters** A multisig's threshold guarantee is only as strong as the key storage of each individual signer. A 5-of-8 multisig in which five signers use browser-extension wallets offers materially less effective security than the same configuration with hardware wallets, because phishing, malware, or targeted key extraction can succeed against software wallets. The Harmony Horizon Bridge and Radiant Capital (October 2024) exploits both involved signers whose keys were exposed through software-side compromise. Three in-sample hacks in the database have the hot-wallet signer pattern as a contributing factor.

**Green / Yellow / Red** Green is assigned when all multisig signers demonstrably use hardware wallets or HSMs, as verified by on-chain signing patterns or a published custody disclosure. Yellow covers configurations where hardware-wallet use is claimed but not verifiable, or where some but not all signers use hardware keys. Red is assigned when one or more signers show on-chain patterns consistent with software-wallet use and no hardware-wallet evidence exists.

**Common gray cases** This factor is grayed when the signer list is not public, making wallet type inference impossible, or when the protocol uses a smart-contract wallet with native MFA that renders the hardware/software distinction moot.

**Notable historical examples**

- **Harmony Horizon Bridge** ($100M, 2022): 2-of-5 multisig with hot-wallet signers; combined with the minimum threshold of 2, key compromise caused a full bridge drain.
- **Radiant Capital** ($53M, 2024): the signers' hardware devices were themselves compromised via a supply-chain attack, demonstrating that the hot-vs-hardware distinction is a necessary but not sufficient safeguard.
- **Poly Network (2nd incident)** ($4.4M, 2023): a 3-of-4 threshold with compromised signer keys enabled forged cross-chain proof minting.

Measurement: what to look for

Determine whether ≥1 multisig signer address exhibits on-chain behavior consistent with a hot wallet (web-wallet signing pattern, no hardware signing indicators).

Data & output

**Data source** On-chain transaction patterns for signer addresses (nonce velocity, gas-price jitter, signing-time distribution); Etherscan transaction history

**Output format** Green / Yellow / Red

**Evidence artifact** Signer address list plus behavioral heuristic flags per address

**Confidence signal** green = all signers show a hardware-wallet-consistent pattern; yellow = one signer ambiguous; red = ≥1 signer shows a clear hot-wallet pattern; gray = insufficient signing history (<5 txs)
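A worked illustration of the measurement and confidence-signal logic above, written for this page as an added example and not defirisk.co's own scoring code. It takes per-signer transaction histories, computes the three heuristics named under Data source (nonce velocity, gas-price jitter, signing-time clustering), emits per-address flags as the evidence artifact, and rolls the flags up to Green / Yellow / Red / gray. The numeric thresholds, the "two flags = clear hot-wallet pattern" rule, the precedence red > gray > yellow > green, and all transaction data are assumptions constructed for illustration; the rubric publishes only the <5 txs gray rule.

```python
"""Hot-wallet signer heuristics over constructed signer transaction histories.

Added example for this page, not defirisk.co's scoring code. The three
heuristics mirror the rubric's data source (nonce velocity, gas-price jitter,
signing-time distribution); every threshold below is an assumption.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

MIN_HISTORY = 5              # rubric: gray when a signer has fewer than 5 txs
BURST_WINDOW_S = 60          # assumption: >= 3 txs inside 60 s looks like interactive software signing
BURST_MIN_TXS = 3
JITTER_MAX_CV = 0.02         # assumption: near-constant gas price across the history looks scripted
VELOCITY_MAX_PER_DAY = 20.0  # assumption: sustained > 20 tx/day is not a human confirming on a device


@dataclass(frozen=True)
class Tx:
    timestamp: int        # unix seconds
    nonce: int
    gas_price_gwei: float


def nonce_velocity_per_day(txs):
    """Transactions per day implied by the nonce range over the observed time span."""
    if len(txs) < 2:
        return 0.0
    ts = [t.timestamp for t in txs]
    nonces = [t.nonce for t in txs]
    span_days = max(max(ts) - min(ts), 1) / 86400
    return (max(nonces) - min(nonces) + 1) / span_days


def gas_price_jitter(txs):
    """Coefficient of variation of gas price; ~0 means every tx used the same price."""
    prices = [t.gas_price_gwei for t in txs]
    m = mean(prices)
    return pstdev(prices) / m if m else 0.0


def has_burst(txs):
    """True if at least BURST_MIN_TXS txs land inside any BURST_WINDOW_S window."""
    ts = sorted(t.timestamp for t in txs)
    for i in range(len(ts)):
        j = i
        while j < len(ts) and ts[j] - ts[i] <= BURST_WINDOW_S:
            j += 1
        if j - i >= BURST_MIN_TXS:
            return True
    return False


def signer_flags(txs):
    """Behavioral heuristic flags for one address (the rubric's evidence artifact)."""
    flags = []
    if has_burst(txs):
        flags.append("burst")
    if gas_price_jitter(txs) < JITTER_MAX_CV:
        flags.append("constant_gas")
    if nonce_velocity_per_day(txs) > VELOCITY_MAX_PER_DAY:
        flags.append("high_velocity")
    return flags


def classify_signer(txs):
    """Return (verdict, flags). Two or more flags = clear hot-wallet pattern (assumption)."""
    if len(txs) < MIN_HISTORY:
        return "insufficient", []
    flags = signer_flags(txs)
    if len(flags) >= 2:
        return "hot", flags
    if flags:
        return "ambiguous", flags
    return "hardware_consistent", flags


def score_multisig(signers):
    """Roll per-signer verdicts up to the factor colour. Precedence is an assumption:
    a clear hot signer is red even if another signer lacks history."""
    per_signer = {addr: classify_signer(txs) for addr, txs in signers.items()}
    verdicts = {verdict for verdict, _ in per_signer.values()}
    if "hot" in verdicts:
        colour = "red"
    elif "insufficient" in verdicts:
        colour = "gray"
    elif "ambiguous" in verdicts:
        colour = "yellow"
    else:
        colour = "green"
    return colour, per_signer


# Constructed histories (not real addresses or chain data).
T0, DAY = 1_700_000_000, 86_400
SIGNER_A = [Tx(T0 + d * DAY, n, g) for n, (d, g) in            # sparse, varied gas: hardware-like
            enumerate([(0, 20.0), (7, 35.0), (15, 18.0), (30, 42.0), (45, 27.0), (60, 31.0)])]
SIGNER_B = [Tx(T0 + s, 100 + n, 25.0) for n, s in               # burst, flat gas, high velocity: hot
            enumerate([0, 10, 20, 30, 3600, 7200, 10800, 14400])]
SIGNER_C = [Tx(T0, 3, 22.0), Tx(T0 + 5 * DAY, 4, 19.0)]        # only two txs: insufficient history
SIGNER_D = [Tx(T0 + s, n, g) for n, (s, g) in                   # one burst, otherwise hardware-like
            enumerate([(0, 20.0), (20, 33.0), (40, 19.0), (10 * DAY, 40.0), (20 * DAY, 25.0), (30 * DAY, 30.0)])]

if __name__ == "__main__":
    colour, detail = score_multisig({"signer_A": SIGNER_A, "signer_B": SIGNER_B,
                                     "signer_C": SIGNER_C, "signer_D": SIGNER_D})
    print(colour)
    for addr, (verdict, flags) in detail.items():
        print(f"  {addr}: {verdict} {flags}")
```

Run stand-alone it scores the four constructed signers together as red because signer_B trips all three flags; scoring signer_A alone yields green, A with D yellow, and A with C gray. In practice the per-address flag list matters more than the colour: it is the artifact a reviewer can check against the signer's Etherscan history, and a single flag (the "ambiguous" case) should prompt a custody-disclosure request rather than a verdict.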

Scored protocols (80 carry this factor)

| Protocol | Chain | RD-F-030 |
| --- | --- | --- |
| Aave v3 | ethereum | yellow |
| Across Protocol | ethereum | gray |
| Aerodrome Finance | base | gray |
| Axelar Network | ethereum | gray |
| Babylon Protocol | bitcoin | gray |
| Balancer (v2 + v3) | ethereum | not_assessed |
| Beefy Finance | ethereum | gray |
| BENQI | avalanche | gray |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | yellow |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | yellow |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | yellow |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | gray |
| Convex Finance | ethereum | gray |
| crvUSD (Curve Stablecoin) | ethereum | yellow |
| Curve Finance | ethereum | gray |
| deBridge | ethereum | gray |
| Dolomite | ethereum | gray |
| dYdX v4 (dYdX Chain) | dydx | green |
| EigenLayer | ethereum | gray |
| Ethena | ethereum | yellow |
| ether.fi | ethereum | yellow |
| Euler V2 | ethereum | gray |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | gray |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | yellow |
| Hyperliquid | arbitrum | yellow |
| Jito | solana | gray |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | not_assessed |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | gray |
| Lido | ethereum | gray |
| Liquid Collective (LsETH) | ethereum | yellow |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | not_applicable |
| Lista DAO | bsc | gray |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | not_applicable |
| Maple Finance | ethereum | gray |
| Marinade Finance | solana | yellow |
| Meteora | solana | gray |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | yellow |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | gray |
| Multipli | ethereum | yellow |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | gray |
| Orca | solana | gray |
| PancakeSwap | bsc | gray |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | gray |
| QuickSwap | polygon | yellow |
| Raydium | solana | green |
| Rocket Pool | ethereum | not_applicable |
| Sanctum | solana | gray |
| Save (formerly Solend) | solana | red |
| Sky Lending (formerly MakerDAO) | ethereum | gray |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | gray |
| Stake DAO | ethereum | gray |
| StakeWise v3 | ethereum | gray |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | gray |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | yellow |
| Sushi (SushiSwap): v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | gray |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | not_applicable |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | gray |
| Veda (BoringVault) | ethereum | gray |
| Venus Protocol | bsc | gray |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | gray |

Linked hacks (3 historical incidents)

- **Radiant Capital** (2024-10-16, $53M, causal): compromised multisig private keys → malicious contract upgrade → pool ownership transfer → drain. Hot-wallet signer flag on multisig, linked via cross-hack: Factor 23: Minimum-Threshold Multisig With Hot Wallet Signers.
- **Poly Network (2nd incident)** (2023-07-01, $4M, causal): compromised 3-of-4 multisig → forged deposit proofs → cross-chain withdrawal drain. Hot-wallet signer flag on multisig, linked via cross-hack: Factor 23: Minimum-Threshold Multisig With Hot Wallet Signers.
- **Harmony Horizon Bridge** (2022-06-23, $100M, causal): compromised multisig private keys (hot wallets). Hot-wallet signer flag on multisig, linked via cross-hack: Factor 23: Minimum-Threshold Multisig With Hot Wallet Signers.
rubric_version: v1.7.0
factor: RD-F-030
category: 2
carried: 80
critical: no