In late 2024, a significant initiative aimed at bolstering the security of the Ethereum ecosystem was launched. The Ethereum Foundation, in collaboration with prominent security organizations Secureum, The Red Guild, and Security Alliance (SEAL), introduced the ETH Rangers Program. This program was designed to provide crucial financial support, in the form of stipends, to individuals actively engaged in public goods security work within the vast and complex Ethereum network. The core objective was clear and impactful: to empower and fund independent efforts dedicated to enhancing the overall resilience and security of Ethereum, while simultaneously recognizing and rewarding individuals who had already demonstrated a tangible track record of meaningful contributions to critical security initiatives benefiting the entire ecosystem.
The six-month ETH Rangers Program has now concluded, and the results are beginning to surface, showcasing the diverse and impactful work undertaken by its 17 stipend recipients. The breadth of their output is nothing short of impressive, spanning critical areas such as in-depth vulnerability research, the development of essential security tooling, comprehensive educational initiatives, proactive threat intelligence gathering, and rapid incident response capabilities. These collective outcomes underscore a fundamental truth in the realm of decentralized networks: true security is not a monolithic entity but a distributed, collaborative effort. The independent researchers supported by the ETH Rangers Program have collectively built foundational infrastructure and knowledge that will undoubtedly amplify security benefits across the entire Ethereum landscape, from the deepest protocol layers to global developer education.
Genesis and Mission of the ETH Rangers Program
The inception of the ETH Rangers Program arose from a recognized need to foster and sustain the often underappreciated but vital work of independent security researchers within the Ethereum ecosystem. While Ethereum’s core development team and established security firms contribute significantly, a decentralized network thrives on a decentralized defense. This initiative sought to bridge a potential gap by providing direct financial incentives to individuals who, by their own volition and expertise, were already contributing to the ecosystem’s security without necessarily being tied to a specific project or company.
The program’s launch in late 2024 marked a strategic move by the Ethereum Foundation to proactively address potential vulnerabilities and strengthen the network’s defenses against evolving threats. The partnerships with Secureum, The Red Guild, and SEAL brought together organizations with deep expertise in security auditing, research, and community building, ensuring a robust framework for identifying, vetting, and supporting deserving candidates. The explicit goal was to move beyond theoretical discussions of security and translate them into tangible improvements and resources for the benefit of all Ethereum users and developers.
Project Highlights and Impactful Contributions
The impact of the ETH Rangers Program is best illustrated through the concrete achievements of its recipients. These individuals, through their dedicated efforts over the six-month stipend period, have delivered a range of critical advancements:
SunSec – DeFiHackLabs: Amplifying Security Education and Tooling
SunSec, in collaboration with the vibrant DeFiHackLabs community, has produced an extraordinary volume of work in security education and the development of essential tooling. Over the stipend period, DeFiHackLabs achieved several key milestones:
- Extensive Educational Content Creation: Developed and disseminated a significant amount of educational material, including tutorials, guides, and workshops, aimed at empowering a wider audience of developers and security researchers with the knowledge to build and audit secure smart contracts.
- Tooling Development and Enhancement: Contributed to the development and refinement of practical security tools that assist in identifying vulnerabilities and improving the security posture of decentralized applications (dApps).
- Community Engagement and Mentorship: Actively engaged with the DeFiHackLabs community, fostering a collaborative environment for learning and problem-solving, thereby acting as a multiplier for security awareness and best practices.
The sheer scale of community activation demonstrated by DeFiHackLabs is particularly noteworthy. By operating as a force multiplier, they transformed a single stipend into a wave of educational output that has reached hundreds of security researchers, significantly enhancing the collective security knowledge base of the Ethereum ecosystem. This approach highlights the power of community-driven initiatives in scaling security efforts.
Ketman Project – DPRK IT Worker Investigations: Tackling a Critical Operational Threat
One recipient focused their stipend on a highly critical and pressing security threat: the infiltration of North Korean (DPRK) IT workers into blockchain projects. The Ketman Project, a dedicated initiative to discover and expel these individuals operating under false identities, has made significant strides. During the stipend period, the project:
- Identified and Reported Malicious Actors: Successfully identified and reported a number of North Korean IT workers who had gained access to blockchain projects, thus preventing potential exploits and malicious activities.
- Developed Advanced Detection Methodologies: Refined and deployed sophisticated methods for identifying disguised DPRK operatives, utilizing a combination of technical analysis and open-source intelligence (OSINT).
- Collaborated with Industry Stakeholders: Worked closely with various blockchain projects and security organizations to share intelligence and coordinate responses, thereby strengthening the ecosystem’s collective defense against this specific threat vector.
This work directly addresses one of the most insidious operational security threats currently facing the Ethereum ecosystem, safeguarding projects from sophisticated, state-sponsored infiltration and potential sabotage. The proactive nature of this research is invaluable in maintaining the integrity of decentralized platforms.
Nick Bax – Incident Response and Threat Intelligence: A Multifaceted Contribution
Nick Bax has made substantial contributions across multiple critical security domains, demonstrating versatility and deep expertise. His work has primarily focused on:
- SEAL 911 Incident Response: Actively participated in the SEAL 911 incident response efforts, providing timely and effective assistance during security incidents within the Ethereum ecosystem, thereby minimizing damage and aiding recovery.
- DPRK Threat Mitigation: Contributed to efforts aimed at mitigating the threat posed by North Korean state-sponsored actors, working in tandem with initiatives like the Ketman Project.
- Public Awareness and Education: Played a key role in raising public awareness about emerging security threats and best practices through various channels, empowering users and developers to better protect themselves.
Bax’s multifaceted contributions underscore the interconnectedness of security efforts, where proactive threat intelligence and responsive incident handling work in concert to create a more secure environment.
Guild Audits – Security Education in Africa and Beyond: Building Future Talent
Guild Audits has undertaken the crucial task of building capacity within the Ethereum security community, particularly in regions that have historically been underrepresented. Their intensive smart contract security bootcamps are designed to train the next generation of Ethereum security researchers. Key achievements include:
- Comprehensive Curriculum Development: Created and delivered a robust curriculum covering advanced smart contract auditing techniques, vulnerability analysis, and secure coding practices.
- Global Reach and Accessibility: Conducted bootcamps that reached participants from diverse geographical locations, with a significant focus on empowering individuals in Africa and other emerging markets.
- Pipeline for Skilled Professionals: Successfully trained and equipped numerous individuals with the skills necessary to enter the field of smart contract security, thereby addressing a growing demand for qualified professionals.
The capacity-building impact of Guild Audits’ bootcamps is profound, establishing a vital pipeline of skilled security researchers in regions that have been historically underserved in the blockchain security landscape. This initiative not only strengthens Ethereum’s security but also promotes inclusivity and equitable growth within the global Web3 community.
Palina Tolmach – Kontrol: Usable Formal Verification
Palina Tolmach, working with Runtime Verification, has focused on enhancing Kontrol, a powerful formal verification tool for Ethereum smart contracts. The goal has been to make this sophisticated tool more accessible and user-friendly for developers and security researchers alike. Significant improvements to Kontrol include:
- Enhanced Usability and Accessibility: Made substantial improvements to the user interface and overall accessibility of Kontrol, lowering the barrier to entry for those looking to leverage formal verification techniques.
- Expanded Verification Capabilities: Integrated new features and expanded the tool’s ability to verify complex smart contract logic, increasing its effectiveness in identifying subtle bugs.
- Improved Developer Experience: Streamlined the integration process and provided clearer documentation, ensuring that developers can more easily incorporate Kontrol into their development workflows.
All of this work has been made open-source, available on GitHub, thereby contributing to the broader formal verification tooling landscape and benefiting all security researchers working within the Ethereum ecosystem. This commitment to open-source development ensures that advancements in formal verification are widely accessible and can be built upon by the community.
Ethereum Execution Client DoS Research: Fortifying Network Infrastructure
A dedicated research team has developed a comprehensive testing framework designed to systematically evaluate the robustness of Ethereum execution clients against message-flooding denial-of-service (DoS) attacks. This critical research involved testing all five major execution clients: Geth, Besu, Erigon, Nethermind, and Reth. The findings revealed significant vulnerabilities:
- Discovery of 14 Bugs: The research team identified a total of 14 bugs across various network protocol layers within the tested execution clients.
- Potential for Network Disruption: These bugs could lead to a range of issues, including node crashes, increased memory consumption, and excessive network bandwidth use, all of which could contribute to network instability.
The findings unequivocally highlight that no single execution client is entirely immune to sophisticated message-flooding attacks. This research underscores the urgent need for continued efforts in developing effective countermeasures, such as adaptive rate-limiting mechanisms. The detailed testing framework and the discovered bugs have been shared directly with the Ethereum Foundation’s Protocol Security team, providing crucial intelligence to inform and guide future client security research and development.
Other Stipend Recipients and Their Diverse Contributions
While the detailed write-ups above highlight some of the most prominent projects, the ETH Rangers Program supported a total of 17 individuals, each contributing valuable public goods security work. For brevity, a full account of every project is not given here, but the remaining recipients have made significant contributions across a wide spectrum of security-related initiatives:
- Kelsie Nabben authored a book based on extensive ethnographic research into decentralized digital security communities, including SEAL, offering valuable insights into the human element of blockchain security.
- The Mothra team developed Mothra, a Ghidra extension specifically for EVM bytecode reverse engineering, including support for EOF decompilation, and published detailed technical documentation of their development process.
- SomaXBT published a comprehensive four-part series on blockchain forensics and the crypto threat landscape, delving into fund tracing, attribution techniques, and OSINT methodologies.
- Peter Kacherginsky launched BlockThreat, a platform dedicated to blockchain threat intelligence, which analyzes past security incidents and their root causes to inform future prevention strategies.
- Attack Vectors created attackvectors.org, an open-source, continuously updated guide detailing prevalent DeFi attack vectors and offering prevention strategies. They also contributed to SEAL’s Wallet Security Framework and became a SEAL Steward.
- Tim Fan developed D2PFuzz, a DevP2P protocol fuzzing framework featuring differential testing across multiple execution layer clients, successfully identifying bugs through both single-client and cross-client testing.
- nft_dreww contributed through publishing security articles, hosting educational classes via Boring Security, and conducting audits on Ethereum public goods projects.
- Jean-Loïc Mugnier developed a Web3 transaction simulation Chrome extension designed to intercept and simulate transactions before they reach the wallet, alongside research into simulation spoofing.
- Alexandre Melo produced a series of security workshop videos covering topics such as fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs.
- Ho Nhut Minh enhanced CuEVM, a GPU-accelerated EVM implementation, by adding multi-GPU support and a Golang library for integration with the Medusa fuzzer, with benchmarks conducted on Nvidia H100 GPUs.
- Sergio Garcia built the Tracelon Monitoring Bot, a Telegram bot providing real-time block monitoring for Ethereum, Bitcoin, and Base, with alerts for ERC20 balance changes, and continued to contribute to SEAL 911 incident response.
These diverse contributions showcase the multifaceted nature of "public goods security" within the Ethereum ecosystem. It extends far beyond simply identifying and reporting vulnerabilities; it encompasses the creation of essential tools, the dissemination of vital knowledge through education, the meticulous documentation of threats, the rapid and effective response to security incidents, and the overarching effort to make the entire ecosystem more resilient and secure for all participants.
Looking Ahead: Sustaining Decentralized Defense
The ETH Rangers Program has successfully demonstrated the immense value of supporting independent security work within the Ethereum ecosystem. By providing stipends and recognition, the program has integrated new tools, crucial research, and vital threat intelligence into the broader network. This decentralized approach to defense is fundamental to building a more robust and secure foundation for builders and users worldwide.
The Ethereum Foundation, in conjunction with its partners Secureum, The Red Guild, and SEAL, expresses deep gratitude to all 17 stipend recipients for their invaluable contributions. Special thanks are extended to The Red Guild for their hands-on involvement in reviewing submissions, structuring project milestones, and providing detailed feedback throughout the program’s duration. The collaborative efforts of Secureum and Security Alliance were instrumental in establishing the program’s framework and ensuring its successful execution.
The outcomes of the ETH Rangers Program serve as a powerful testament to the effectiveness of investing in decentralized security initiatives. As the blockchain landscape continues to evolve, fostering such independent research and development will remain critical to safeguarding the integrity and long-term success of Ethereum and the broader Web3 space. The lessons learned and the infrastructure built through this program will undoubtedly contribute to a more secure and resilient future for decentralized technologies.