Avg attacker reconnaissance time for peer-class protocols
Jupiter Perpetual Exchange's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Attacker wallet reconnaissance time before strike (days, for similar protocol class). Curator assessment for Solana perps / high-TVL closed-source programs. Hack DB evidence: (1) Drift 2026-04-01 DPRK attack — approximately 6 months (180+ days) of reconnaissance including social engineering, real-capital deposits ($1M+), conference attendance by UNC4736 operatives. (2) USPD baseline pattern: 78 days average. For nation-state-class DPRK attacks on high-TVL Solana protocols, reconnaissance horizon is 90-180+ days. Jupiter Perps at $691M TVL (30-month-old protocol) is a plausible DPRK target following the Drift precedent. Any current undetected reconnaissance could already be significantly advanced. Scored yellow: elevated threat environment for peer-class protocols; assessment cannot observe ongoing reconnaissance; DPRK has demonstrated interest in Solana perps ecosystem specifically.
Sources #
- URLTRM Labs — Drift DPRK AnalysisTRM Labs — Drift DPRK heist analysis. Documents UNC4736 reconnaissance pattern including real-capital deposits and social engineering.retrieved 2026-05-16
- NomosLabs — Drift Protocol Post-MortemNomosLabs — Drift Protocol 2026-04-01 post-mortem. Documents 6-month DPRK reconnaissance campaign preceding the $285M exploit.retrieved 2026-05-16
Methodology #
Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.
See the full factor methodology and distribution across all protocols →