defirisk.co
rubric v1.7.0

Leaked credential on paste/sentry site

Rocket Pool's assessment for RD-F-164 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Confirmed prior credential/machine compromise: May 26, 2022 security incident — attacker gained access to a Rocket Pool developer's machine, compromising two oDAO nodes, stealing $28K ETH+RPL. Post-mortem published June 2022. Team updated internal security practices post-incident. No paste-site or Sentry credential leak documented in current public data since 2022 remediation. However: (1) paste monitoring not configured at T-10; (2) the 2022 incident establishes that credential-level compromise of oDAO operators is a real attack vector for this protocol. Scored yellow: prior machine compromise documented; current exposure not confirmed but monitoring gap exists.

Sources #

  • URL
    IntoTheBlock — RP nodes hack overviewIntoTheBlock Medium — Rocket Pool overview after experiencing nodes hack (May 2022)retrieved 2026-05-04
  • Governance
    RP post-mortem May 2022Rocket Pool governance post-mortem — security incident 26 May 2022: developer machine compromised, two oDAO nodes accessed, $28K ETH+RPL stolenretrieved 2026-05-04

Methodology #

Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol rocket-pool factor RD-F-164 score yellow collected_at 2026-05-04 15:40:28