defirisk.co
rubric v1.7.0

Avg attacker reconnaissance time for peer-class protocols

Curve Finance's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

Evidence-based estimate from the hack DB and Curve's own incident history. The July 2023 Vyper exploit was opportunistic: exploitation followed within hours of public disclosure of the Vyper bug, so it was NOT a long-duration reconnaissance strike. The August 2022 and May 2025 DNS hijacks involved cloning a frontend and manipulating DNS records, which likely took hours to days of preparation, not the 78 days of reconnaissance seen in the USPD case. For DPRK-class attacks on similar DEX protocols (Drift Protocol: 6 months of reconnaissance), the baseline is 30-90 days; Curve's governance model (DAO, no single admin key) reduces insider-implant risk relative to team-controlled protocols. The relevant reconnaissance baseline for Curve's primary attack surface (frontend/DNS) is hours to days. Scored yellow: the reconnaissance baseline is acknowledged, and the attack vectors are proven, but their reconnaissance times are shorter than the USPD maximum for this protocol class.

Methodology

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

rubric_version: v1.7.0
protocol: curve-v2
factor: RD-F-163
score: yellow
collected_at: 2026-04-28 19:48:40