Avg attacker reconnaissance time for peer-class protocols
Falcon Finance's assessment for RD-F-163 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Attacker wallet reconnaissance time for peer-class protocols | Applicable: Yes | Synthetic-dollar/basis-trading class has limited exploit history. Using USPD/Drift precedent (78 days) as baseline. CEX-dependent protocols may require longer institutional-layer reconnaissance. 30-120 day recon window provides meaningful detection opportunity if CTI monitoring is live.
Detail #
Synthetic-dollar protocols (Ethena-class, basis-trading) are a relatively new class with limited exploit history. Best available analogues: (1) Drift Protocol DPRK reconnaissance: ~78-day USPD reconnaissance pattern before $285M exploit (Drift is a perps protocol but shares institutional custody characteristics). (2) KelpDAO: months of preparation before Apr 2026 $292M exploit (LZ DVN configuration targeting). Falcon's architecture (off-chain custody via Fireblocks/Ceffu, CEX-based trading) means a sophisticated attacker would need to compromise institutional custody credentials or key signers — a longer reconnaissance requirement than purely on-chain protocols. Estimated reconnaissance window for this class: 30-120 days for state-level actors. This provides a meaningful detection window if CTI monitoring is live and comprehensive enough to catch pre-strike probe activity against Fireblocks/Ceffu API credentials and Safe signer wallets.
Sources #
- URLFalcon Finance — Guide to Transparency and Security (20% on-exchange liquidity threshold)https://falcon.finance/news/a-guide-to-transparency-and-security-in-falcon-financeretrieved 2026-05-12
Methodology #
Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.
See the full factor methodology and distribution across all protocols →