DNS/CDN/frontend hash drift

Sanctum's assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 v1 phase 2 signal (Tier A — instant grade flip on unscheduled drift). CONFIRMED HISTORICAL EVENT: July 30, 2024, Sanctum lost control of the unstake.it legacy domain to an unknown entity. The domain was being used for scamming/phishing purposes. Team warned users, began blacklisting process within ~1 hour. No confirmed user fund losses reported. The event constitutes a direct RD-F-105 trigger (domain control loss = frontend DNS compromise). Current primary domain sanctum.so: no active compromise detected as of 2026-05-04. Legacy domain unstake.it remains a persistent risk surface for users who recall the prior brand name. Yellow score reflects confirmed historical fire + residual legacy domain risk; current primary domain appears clean.

Sources #

URL
Solana Based Sanctum Protocol Sounds Alarm On Compromised WebsiteCoinGape — Sanctum Protocol Sounds Alarm On Compromised Website (unstake.it)retrieved 2026-05-04
URL
Sanctum Warns Against Unstake.it Domain Due To Potential ScamBinance Square — Sanctum Warns Against Unstake.it Domain July 30 2024retrieved 2026-05-04
URL
Sanctum Protocol Faces Major Security Breach: DetailsCoinspeaker — Sanctum Protocol Faces Major Security Breachretrieved 2026-05-04

Methodology #

Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol sanctum factor RD-F-105 score yellow collected_at 2026-05-04 18:49:23