defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Meteora's assessment for RD-F-164 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cat 11 threat intelligence signal. No confirmed leaked credential incident for Meteora infrastructure (meteora.ag frontend, proposals.meteora.ag governance forum, docs.meteora.ag) identified in public sources as of 2026-05-16. Meteora has no published SECURITY.md (security_md_present: false per data-cache) and no confirmed SIRT email or security disclosure channel, which increases the risk profile for credential-leak response failures. The absence of a security contact increases the likelihood that a credential disclosure would not be promptly handled. Signal requires paste-site credential-dump monitoring feed (DomainTools, SpyCloud class) not available in this assessment.

Sources #

  • Internal
    Meteora 00-data-cache.json (security fields)00-data-cache.json: security_md_present: false; bug_bounty.platform: null (unconfirmed Immunefi program). No SIRT email found per profile §9.retrieved 2026-05-16

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol meteora factor RD-F-164 score gray collected_at 2026-05-16 10:03:05