defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Ethena's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Manual curator-only check; not assessable via public OSINT within this assessment. Ethena does not publish a SIRT email or security contact (gap documented in profile §9). The Sep 2024 domain registrar attack was social engineering of registrar credentials (not a paste-site credential leak), but demonstrates that Ethena's infrastructure credentials are a target. Requires paste/credential-dump monitoring feed (e.g., Have I Been Pwned enterprise, SpyCloud) — structural gray for static assessment.

Sources #

  • Curator note
    Ethena Docs — No published SIRT emailPaste/cred-dump feed required; not assessable via public OSINT. Ethena security contact gap documented in 00-profile.md §9.retrieved 2026-04-28

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ethena factor RD-F-164 score gray collected_at 2026-04-28 13:58:51