defirisk.co
rubric v1.7.0

Incident response time (minutes)

An operational history factor in the v1.7.0 rubric. Measured per protocol on a e cadence.

Methodology: how we score

**What this measures** This factor records the elapsed time in minutes between the first on-chain transaction of the most recent exploit and the first official team statement (tweet, blog post, Discord announcement, or governance forum post) acknowledging the incident. For off-chain-initiated exploits where the on-chain drain is the primary event, the clock starts at the first anomalous transaction. This factor applies only to protocols with at least one prior incident; for protocols with no incidents it is marked gray.

**Why it matters** Incident response time is a direct measure of monitoring maturity and operational preparedness. Badger DAO had malicious approvals visible on-chain for twelve days before the drain; Harmony Bridge's $100M exploit had a fourteen-hour detection lag before the team publicly acknowledged it. Fast detection and communication enable depositors to take protective action (withdrawing remaining funds) and allow the protocol to invoke emergency pause functions before the drain is complete. In the dataset, median response time across Medium and High detectability hacks was approximately forty-five minutes; protocols with sub-fifteen-minute response times generally had active monitoring infrastructure and pause capabilities.

**Green / Yellow / Red** Green: first official team statement within fifteen minutes of first anomalous on-chain transaction. Yellow: response time between fifteen minutes and four hours. Red: response time exceeding four hours, or no public statement within twenty-four hours of confirmed drain.

**Common gray cases** For off-chain-initiated exploits (e.g., private key compromise) where the first on-chain signal is the drain itself, response time is measured from the first drain transaction to the first public statement, which may be instantaneous if monitoring detected the key compromise. Curator judgment is required to determine the correct clock-start event.

**Notable historical examples** No cross-hacked incidents currently linked in database for this factor.

Measurement: what to look for

Measure the time in minutes from the first exploit transaction to the first official team statement for the most recent incident.

Data & output

Data source: Exploit first-tx timestamp (Etherscan) + earliest team statement timestamp (Twitter/X, Discord, governance forum)
Output format: Green / Yellow / Red
Evidence artifact: Exploit tx hash + exploit block timestamp + team statement URL + statement timestamp + minutes-delta
Confidence signal: green = ≤60 min; yellow = 61–240 min; red = >240 min or no statement; gray = no prior incidents (N/A)
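
An added example (not defirisk.co's own code) that assembles the evidence artifact from candidate exploit transactions and team statements and assigns a band, using the cut-offs from the "Green / Yellow / Red" paragraph. The Confidence signal row lists a 60-minute green cut-off instead, so the cut-offs are kept as named constants; `build_evidence`, `band_for`, the rejection of a statement that predates the clock start, and the sample data are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

GREEN_MAX_MIN = 15    # "within fifteen minutes"
YELLOW_MAX_MIN = 240  # "between fifteen minutes and four hours"


def band_for(minutes):
    """Map a minutes-delta (None = no public statement) to a band."""
    if minutes is None or minutes > YELLOW_MAX_MIN:
        return "red"
    return "green" if minutes <= GREEN_MAX_MIN else "yellow"


def build_evidence(exploit_txs, statements):
    """exploit_txs: [(tx_hash, block_ts)]; statements: [(url, ts)].

    All timestamps must be timezone-aware. Returns the evidence artifact
    plus a band; a protocol with no prior incident gets band "gray".
    """
    if not exploit_txs:
        return {"band": "gray"}
    # Clock start: the earliest anomalous transaction, whatever the input order.
    tx_hash, start = min(exploit_txs, key=lambda t: t[1])
    artifact = {"exploit_tx_hash": tx_hash, "exploit_block_ts": start,
                "statement_url": None, "statement_ts": None,
                "minutes_delta": None}
    if statements:
        # First official statement across all channels wins.
        url, ts = min(statements, key=lambda s: s[1])
        delta = (ts - start).total_seconds() / 60
        if delta < 0:
            # Assumption: a statement that predates the clock start means the
            # wrong clock-start event was chosen; hand it back to the curator.
            raise ValueError("statement precedes clock start")
        artifact.update(statement_url=url, statement_ts=ts, minutes_delta=delta)
    artifact["band"] = band_for(artifact["minutes_delta"])
    return artifact


# Constructed sample data (not a real incident).
T0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_TXS = [("0xTX_DRAIN_2", T0 + timedelta(minutes=3)),
              ("0xTX_DRAIN_1", T0)]
SAMPLE_STATEMENTS = [
    ("https://forum.example.invalid/post/1", T0 + timedelta(minutes=95)),
    ("https://social.example.invalid/status/1", T0 + timedelta(minutes=22)),
]

if __name__ == "__main__":
    print(build_evidence(SAMPLE_TXS, SAMPLE_STATEMENTS))
```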

Scored protocols: 80 carry this factor

| Protocol | Chain | RD-F-085 |
| --- | --- | --- |
| Aave v3 | ethereum | green |
| Across Protocol | ethereum | not_applicable |
| Aerodrome Finance | base | green |
| Axelar Network | ethereum | green |
| Babylon Protocol | bitcoin | gray |
| Balancer (v2 + v3) | ethereum | green |
| Beefy Finance | ethereum | yellow |
| BENQI | avalanche | not_applicable |
| BlackRock USD Institutional Digital Liquidity Fund (BUIDL) | ethereum | not_applicable |
| Cap (cUSD / stcUSD) | ethereum | gray |
| Centrifuge | ethereum | gray |
| Chainlink CCIP | ethereum | gray |
| Circle USYC | binance | not_applicable |
| Compound V3 (Comet) | ethereum | gray |
| Concrete | ethereum | not_applicable |
| Convex Finance | ethereum | yellow |
| crvUSD (Curve Stablecoin) | ethereum | green |
| Curve Finance | ethereum | yellow |
| deBridge | ethereum | green |
| Dolomite | ethereum | green |
| dYdX v4 (dYdX Chain) | dydx | yellow |
| EigenLayer | ethereum | green |
| Ethena | ethereum | green |
| ether.fi | ethereum | green |
| Euler V2 | ethereum | yellow |
| Falcon Finance | ethereum | gray |
| Fluid | ethereum | yellow |
| Frax Finance | ethereum | gray |
| GMX v2 (GMX Synthetics) | arbitrum | gray |
| Hyperlane | ethereum | gray |
| Hyperliquid | arbitrum | green |
| Jito | solana | gray |
| Jupiter | solana | gray |
| Jupiter Perpetual Exchange | solana | not_applicable |
| JustLend DAO | tron | not_applicable |
| Kamino Lend | solana | gray |
| Kinetiq | hyperliquid | not_applicable |
| Lido | ethereum | green |
| Liquid Collective (LsETH) | ethereum | not_applicable |
| Liquity V1 + V2 (LUSD / BOLD) | ethereum | gray |
| Lista DAO | bsc | yellow |
| Lombard Finance | ethereum | gray |
| M^0 | ethereum | gray |
| Maple Finance | ethereum | yellow |
| Marinade Finance | solana | yellow |
| Meteora | solana | not_applicable |
| mETH Protocol | ethereum | gray |
| Midas | ethereum | gray |
| Morpho V1 (Morpho Blue + MetaMorpho) | ethereum | green |
| Multipli | ethereum | gray |
| Ondo Finance | ethereum | gray |
| OpenEden | ethereum | gray |
| Orca | solana | not_applicable |
| PancakeSwap | bsc | yellow |
| Pendle Finance | ethereum | gray |
| Polymarket | polygon | red |
| QuickSwap | polygon | gray |
| Raydium | solana | yellow |
| Rocket Pool | ethereum | gray |
| Sanctum | solana | gray |
| Save (formerly Solend) | solana | green |
| Sky Lending (formerly MakerDAO) | ethereum | yellow |
| Spark Protocol | ethereum | gray |
| Spiko | stellar | gray |
| Stake DAO | ethereum | not_applicable |
| StakeWise v3 | ethereum | green |
| Stargate Finance | ethereum | gray |
| stHYPE (Valantis Labs) | hyperliquid | green |
| SUNSwap (sun.io) | tron | not_applicable |
| Superstate | ethereum | green |
| Sushi (SushiSwap) — v2 + v3 + Trident + BentoBox/Kashi + SushiXSwap | ethereum | green |
| Symbiotic | ethereum | gray |
| Synapse Protocol | ethereum | not_assessed |
| Uniswap (v2 + v3) | ethereum | gray |
| USDD (Decentralized USD) | tron | not_applicable |
| Usual (USD0 / bUSD0 / USUAL) | ethereum | green |
| Veda (BoringVault) | ethereum | not_applicable |
| Venus Protocol | bsc | yellow |
| Wormhole | ethereum | gray |
| Yearn Finance | ethereum | yellow |

Linked hacks: 1 historical incident

illustrative: Venus Protocol (zkSync Era deployment) — Empty-market donation attack on a freshly-deployed market with no virtual liquidity / no `_decimalsOffset()` first-depositor protection
2025-03-29 · $902K · Empty-market donation attack on a freshly-deployed market with no virtual liquidity / no `_decimalsOffset()` first-depositor protection · Part of Venus chronic-pattern cluster (this + 2026-03-15 BNB Chain incident) per PD-022
rubric_version: v1.7.0 · factor: RD-F-085 · category: 5 · carried: 80 · critical: no