D11
Operational Security
Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.
Weight 10%98% confidence
20
Critical
info
How This Score Is Built
Incident response speed, deployment hygiene, key management, monitoring infrastructure, and emergency history.
+23Strong positive
+12Positive
+5Slight positive
−15Strong negative
−8Negative
−3Slight negative
Scoring Tree
BRI Formula
300 + 700 × ∏(Dᵢ/100)^wᵢ
646
Current BRI
D11Operational Security
Weight 10%
20
(20/100)^0.1 = 0.8513
Sub-Scores
Development Practices
27
Incident Response
25
Deployment Hygiene
70
Key Management
5
Monitoring
30
Emergency History
10
Contributing Factors
+4EXPLOITED HACK-POLYMARKET-2026-001 (2026-05-22): private-key compromise of two operational hot wallets on Polygon
+4Drained: 0x871D7c0f...929082 (POL reward wallet) and 0x91430CaD...14E5c5 (UMA CTF Adapter Admin, tagged COMPROMISED on Polygonscan)
+4No HSM/MPC custody on operational wallets controlling protocol-adjacent value (~$700K lost)
+4External detection (ZachXBT) preceded internal detection — no realtime outflow alerting
+4EIP-7702 delegation on drained wallet was Polymarket's own pre-installed scaffolding, not the attack vector
-80Attack pattern: 5,000 POL transfers every ~30 seconds at 415+ gwei priority — single private-key, no multisig, no MPC, no velocity circuit breaker
0Pre-hack key factors carried over: no branch protection, minimal dev activity, default key_management sub-score (70 was overstated)
Sub-Score Breakdown
Development Practices
27
Incident Response
25
Deployment Hygiene
70
Key Management
5
Monitoring
30
Emergency History
10
Score Composition
-80
Attack pattern: 5,000 POL transfers every ~30 seconds at 415+ gwei priority — single private-key, no multisig, no MPC, no velocity circuit breaker
Negativeopen_in_newGitHub Repository
0
Pre-hack key factors carried over: no branch protection, minimal dev activity, default key_management sub-score (70 was overstated)
Neutralopen_in_newGitHub Repository
+4
EXPLOITED HACK-POLYMARKET-2026-001 (2026-05-22): private-key compromise of two operational hot wallets on Polygon
Positiveopen_in_newGitHub Repository
+4
Drained: 0x871D7c0f...929082 (POL reward wallet) and 0x91430CaD...14E5c5 (UMA CTF Adapter Admin, tagged COMPROMISED on Polygonscan)
Positiveopen_in_newGitHub Repository
+4
No HSM/MPC custody on operational wallets controlling protocol-adjacent value (~$700K lost)
Positiveopen_in_newGitHub Repository
+4
External detection (ZachXBT) preceded internal detection — no realtime outflow alerting
Positiveopen_in_newGitHub Repository
+4
EIP-7702 delegation on drained wallet was Polymarket's own pre-installed scaffolding, not the attack vector
Positiveopen_in_newGitHub Repository
Evidence Chain (10 files)
BlackHart AnalysisMay 22, 2026, 11:37 AM
open_in_newOperational Security — GitHub Repositorydevelopment practices: 27
incident response: 25
deployment hygiene: 70
key management: 5
monitoring: 30
emergency history: 10
sha256:20ee044259dd...
GitHub APIMay 20, 2026, 04:55 AM
open_in_newGitHub (Polymarket/ctf-exchange)branch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:37eb428c9455...
GitHub APIMay 19, 2026, 12:40 AM
open_in_newGitHub (Polymarket/ctf-exchange)branch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:0750a592d51c...
BlackHart AnalysisMay 17, 2026, 01:25 AM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:4a802c933039...
BlackHart AnalysisMay 16, 2026, 04:42 PM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:77e0fa5e94ab...
BlackHart AnalysisMay 16, 2026, 04:25 AM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:eab50e7eb1aa...
BlackHart AnalysisMay 15, 2026, 10:35 PM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:884370fb8c3b...
BlackHart AnalysisMay 15, 2026, 10:10 PM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:9767b138013a...
BlackHart AnalysisMay 15, 2026, 08:50 PM
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 1
has ci: Yes
signing ratio: 10%
commits 90d: 2
pr review ratio: 38%
dependabot: No
security policy: No
sha256:45db5640e8fa...
BlackHart Analysis—
open_in_newOperational Security — GitHub Repositorybranch protection: No
required reviews: 0
ci success rate: 0
has ci: No
signing ratio: 0
commits 90d: 0
pr review ratio: 0
dependabot: No
security policy: No
sha256:b89e2a240bf1...
Score History
No dimension-level score changes recorded yet.
Methodology: 2.1Formula: 1.1Weights: 1.1