Leaked credential on paste/sentry site

Liquid Collective (LsETH)'s assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 v2 deferred; manual triage via paste/credential-dump monitoring feed required. No paste-site leak or credential dump involving Liquid Collective, Alluvial, or Galaxy Digital (post-acquisition December 2025) found in public web sources. The relevant surfaces include security@liquidcollective.io SIRT email, Alluvial/Galaxy internal API credentials, and Oracle Operator infrastructure keys. Requires specialized paste-monitoring feed not assessable from public sources.

Sources #

URL
Vulnerability Disclosure Policy - Liquid Collective SecurityVulnerability disclosure contact: security@liquidcollective.io; official policy at github.com/liquid-collective/security/blob/main/VULNERABILITY_DISCLOSURE.mdretrieved 2026-05-17

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol liquid-collective factor RD-F-164 score gray collected_at 2026-05-16 19:46:23