Avg attacker reconnaissance time for peer-class protocols

Midas's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Average attacker reconnaissance time for peer-class protocols. T-01 hack database has thin sample data for the RWA-issuer attack class specifically (tokenized treasury issuers have not been the primary DeFi exploit target historically; fewer than 3 confirmed in-sample exploits in this specific class). Qualitative analogues: DPRK/Lazarus social-engineering attacks against institutional DeFi — Drift Protocol Apr 2026: 6-month persona build before $285M exploit; KelpDAO Apr 2026: infrastructure reconnaissance preceded attack. Taxonomy threshold: green ≥30 days average, yellow 7–29 days, red <7 days average for the class. RWA-issuer class reconnaissance is qualitatively expected to be ≥30 days (DPRK social-engineering pattern), but formal measurement is not possible with current DB sample. Yellow assigned for thin sample rather than confident green assignment.

Sources #

URL
Chainalysis — KelpDAO/DPRK exploit: reconnaissance pattern contextChainalysis — KelpDAO Bridge Exploit context: DPRK/Lazarus reconnaissance and infrastructure attack patterns; same bridge class as Midasretrieved 2026-05-16

Methodology #

Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol midas factor RD-F-163 score yellow collected_at 2026-05-16 09:34:55