Admin EOA signing from new geography/device

Wormhole's assessment for RD-F-107 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Yes — Guardian node operators have signing keys; a key compromise with unusual geography would indicate insider threat | Off-chain; requires guardian node telemetry; no public visibility into guardian signing geography | Cannot assess — off-chain, requires guardian operator cooperation

Sources #

Curator note
Extracted from 06-realtime-intel.md — RD-F-107; no URL citedretrieved 2026-04-28

Methodology #

Detect whether an admin/upgrader EOA signs from a geography or device fingerprint inconsistent with prior signing history.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-107 score gray collected_at 2026-04-28 01:38:43