Avg attacker reconnaissance time for peer-class protocols
Rocket Pool's assessment for RD-F-163 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
Average attacker reconnaissance time for LST/staking class protocols. LST protocols have two primary attack vectors: (1) oracle manipulation (oDAO for Rocket Pool), with near-instant execution once the exploiter controls submission; (2) social/brand attacks (X compromise, phishing), with hours of preparation. Jan 2024 X hack: executed the same day as the account compromise. Sep 2023 phishing: victim targeted via phishing sites; attack prep estimated at days. The 2022 developer machine compromise (oDAO node access): the attacker gained access and immediately exfiltrated funds ($28K ETH+RPL), suggesting near-instant execution post-access. Estimated recon time for the RP class: 7–30 days for social engineering, near-instant for opportunistic phishing. Insufficient hack-DB sample for a full green (≥30 days average).
Sources
- URL: https://crypto.news/rocket-pools-x-account-compromised/ (retrieved 2026-05-06)
- RP post-mortem May 2022: Rocket Pool post-mortem security incident 26/05 (2022): oDAO node compromise, immediate exfiltration (retrieved 2026-05-04)
Methodology
Report the average number of days of attacker reconnaissance activity before a strike on peer-class protocols (lending/DEX/bridge/perps), sourced from the hack database.