In late 2024, a significant initiative to strengthen the security of the Ethereum network concluded, revealing a diverse range of contributions from independent researchers and community members. The ETH Rangers Program, a collaborative effort led by the Ethereum Foundation in partnership with Secureum, The Red Guild, and Security Alliance (SEAL), provided stipends to 17 individuals working on public goods security within the Ethereum ecosystem. The program, which ran for six months, was designed with a clear objective: to fund and recognize independent efforts that demonstrably enhance the resilience of Ethereum, while acknowledging individuals with a proven track record of meaningful contributions to the network’s overall security.
The conclusion of the ETH Rangers Program has unveiled a comprehensive suite of outcomes, spanning critical areas such as vulnerability research, security tooling development, educational initiatives, threat intelligence gathering, and incident response. This broad spectrum of work underscores the program’s success in fostering a decentralized defense mechanism, a crucial element for securing a network as vast and complex as Ethereum. The collective output from these independent researchers has not only fortified existing infrastructure but also laid the groundwork for future security advancements, demonstrating the power of distributed expertise in safeguarding the global decentralized network.
Genesis and Objectives of the ETH Rangers Program
The inception of the ETH Rangers Program arose from a recognized need to systematically support and incentivize the often unheralded but vital work of security professionals within the Ethereum community. While Ethereum’s core development attracts significant attention, the intricate web of security protocols, smart contracts, and infrastructure requires continuous vigilance and dedicated expertise. The program’s organizers identified that many individuals were already engaged in crucial security work on a voluntary basis or through limited funding. The ETH Rangers Program aimed to formalize this support, providing stipends that would allow these individuals to dedicate more time and resources to their impactful projects.
The core tenets of the program were threefold:
- Funding Independent Efforts: To provide financial backing for individuals and small teams working on security-related public goods that directly benefit the Ethereum ecosystem.
- Enhancing Ecosystem Resilience: To support projects that actively improve the robustness, security, and overall stability of Ethereum’s infrastructure and applications.
- Recognizing Demonstrated Contributions: To acknowledge and reward individuals who have already made significant, verifiable contributions to Ethereum security, thereby encouraging continued engagement and leadership.
The collaborative nature of the program was a key strategic element. The Ethereum Foundation provided the overarching framework and funding, while Secureum, The Red Guild, and Security Alliance contributed their specialized expertise in security research, community engagement, and program management. The Red Guild, in particular, played an instrumental role in reviewing submissions, structuring project milestones, and offering detailed feedback throughout the program’s duration, ensuring the quality and impact of the funded projects.
A Chronicle of Security Advancements: Project Highlights
The six-month tenure of the ETH Rangers Program yielded a remarkable breadth of work, showcasing the multifaceted nature of blockchain security. The following project highlights offer a glimpse into the tangible impact of the stipends awarded:
SunSec – DeFiHackLabs: Empowering a Global Community of Security Researchers
SunSec’s work with the DeFiHackLabs community, which SunSec leads, produced an extraordinary volume of security education and tooling. During the stipend period, DeFiHackLabs achieved several key milestones:
- Curated and Published 50+ Vulnerability Write-ups: Detailed analyses of security flaws found in various DeFi protocols, offering invaluable learning resources for developers and auditors.
- Developed 10+ Security Tools: Open-source tools designed to aid in smart contract auditing and vulnerability detection, accessible to the wider developer community.
- Organized 5+ Educational Workshops: Interactive sessions focused on educating security researchers about common attack vectors, best practices, and emerging threats in the DeFi space.
- Facilitated Community Contributions: Actively encouraged and mentored community members to contribute to security research and tooling, fostering a collaborative environment.
The scale of community activation demonstrated by DeFiHackLabs is particularly noteworthy. The initiative functions as a powerful multiplier, transforming a single stipend into widespread educational output that has reached hundreds of security researchers globally. This approach not only enhances individual skills but also collectively elevates the security posture of the entire DeFi ecosystem.
Ketman Project – Exposing North Korean Cyber Threats
One recipient used their stipend to build out and scale the Ketman Project, an initiative dedicated to identifying and removing North Korean (DPRK) IT workers who have infiltrated blockchain projects under false identities. This work directly confronts one of the most pressing operational security threats facing the Ethereum ecosystem today. Over the stipend period, the Ketman Project:
- Developed and Deployed Advanced Detection Tools: Created sophisticated tools and methodologies to identify the digital footprints and operational patterns of DPRK IT workers.
- Identified and Reported Numerous Infiltrations: Successfully uncovered multiple instances of DPRK operatives embedded within blockchain development teams.
- Collaborated with Project Teams: Worked discreetly with affected projects to facilitate the removal of these operatives, thereby safeguarding sensitive information and project integrity.
- Published Threat Intelligence Reports: Disseminated findings and best practices to the broader security community, raising awareness about the persistent threat posed by state-sponsored actors.
The Ketman Project’s efforts represent a critical, albeit often unseen, layer of defense, protecting the integrity of projects and the trust placed in the Ethereum network by its users.
Nick Bax – Incident Response and Threat Intelligence Leadership
Nick Bax’s contributions spanned multiple critical areas, primarily through his involvement with SEAL 911 incident response, DPRK threat mitigation, and public awareness campaigns. His work highlights the essential role of proactive threat intelligence and rapid incident response in maintaining ecosystem security. Key achievements include:
- Leading Incident Response Efforts: Played a pivotal role in coordinating responses to various security incidents within the Ethereum ecosystem, providing crucial technical analysis and strategic guidance.
- Contributing to DPRK Threat Mitigation: Actively supported efforts to counter North Korean cyber threats, leveraging his expertise in tracking and analyzing their operational methods.
- Developing Security Awareness Content: Created and disseminated educational materials to inform developers and users about prevalent security risks and mitigation strategies.
- Mentoring Emerging Security Talent: Provided guidance and support to junior security researchers, helping to cultivate the next generation of Ethereum security professionals.
Bax’s multifaceted contributions underscore the interconnectedness of different security disciplines and the importance of experienced individuals who can bridge the gap between technical analysis and practical defense.
Guild Audits – Cultivating Security Expertise in Africa and Beyond
Guild Audits focused on a crucial aspect of long-term security: capacity building. They conducted intensive smart contract security bootcamps, aimed at training the next generation of Ethereum security researchers. The impact of these bootcamps is significant, as they:
- Trained Hundreds of Aspiring Security Professionals: Provided comprehensive education on smart contract security principles, common vulnerabilities, and auditing methodologies.
- Focused on Underrepresented Regions: Specifically targeted regions with historically lower representation in the global Ethereum security community, fostering greater inclusivity and diversity.
- Developed Practical Skills: Equipped participants with hands-on experience through coding exercises, case studies, and simulated auditing scenarios.
- Created a Pipeline of Skilled Talent: Established a direct pipeline of skilled security researchers, addressing the growing demand for expertise in the blockchain space.
The capacity-building impact of Guild Audits’ initiative is substantial, creating a more robust and geographically diverse talent pool for Ethereum security.
Palina Tolmach – Enhancing Formal Verification Tools
Palina Tolmach, affiliated with Runtime Verification, dedicated her stipend to improving Kontrol, a formal verification tool for Ethereum smart contracts. Her work aimed to make this powerful tool more accessible and user-friendly for developers and security researchers. Key Kontrol improvements delivered include:
- Streamlined User Interface: Enhanced the usability of Kontrol, making it easier for developers to integrate formal verification into their development workflows.
- Expanded Language Support: Improved support for various programming languages and dialects used in smart contract development, increasing the tool’s applicability.
- Developed New Verification Modules: Introduced new modules designed to automatically detect specific classes of vulnerabilities, automating parts of the verification process.
- Published Comprehensive Documentation: Created detailed documentation and tutorials to guide users in effectively leveraging Kontrol for their projects.
All of Palina Tolmach’s work on Kontrol is open-source, readily available on GitHub, significantly enhancing the formal verification tooling landscape for all security researchers. This commitment to open-source development ensures that these improvements benefit the entire Ethereum ecosystem.
Ethereum Execution Client DoS Research
A dedicated research team developed a sophisticated testing framework to systematically evaluate the robustness of Ethereum execution clients against message-flooding denial-of-service (DoS) attacks. This critical research involved testing all five major execution clients: Geth, Besu, Erigon, Nethermind, and Reth. The team’s efforts uncovered:
- 14 Bugs Across Multiple Network Protocol Layers: Identified a significant number of vulnerabilities within the tested clients, impacting various network communication protocols.
- Potential for Network Instability: These bugs could lead to critical issues such as node instability, network partition, and compromised consensus mechanisms, severely impacting the network’s availability and integrity.
- Demonstrated Vulnerability of All Clients: The findings highlighted that no single execution client is entirely immune to message-flooding attacks, emphasizing the pervasive nature of this threat.
The research team’s findings have been shared with the Ethereum Foundation’s Protocol Security team, providing crucial insights for developing effective countermeasures, such as adaptive rate-limiting mechanisms, to further harden execution clients against such attacks. The open-source nature of the testing framework allows for continuous evaluation and improvement.
Other Notable Contributions to Ecosystem Security
While detailed write-ups were not possible for every recipient due to space constraints, the remaining ETH Rangers also made significant contributions across a wide array of security-related public goods:
- Kelsie Nabben authored a book, "Decentralised Digital Security Community: Inscriptions," based on extensive ethnographic research into decentralized digital security communities, including SEAL.
- The Mothra team developed Mothra, a Ghidra extension for EVM bytecode reverse engineering, including support for EOF decompilation, and published detailed technical write-ups.
- SomaXBT published a four-part series on blockchain forensics and the crypto threat landscape, covering fund tracing, attribution techniques, and OSINT methods.
- Peter Kacherginsky launched BlockThreat, a platform for blockchain threat intelligence that analyzes past security incidents and their root causes.
- Attack Vectors built attackvectors.org, an open-source guide on DeFi attack vectors and prevention strategies, and contributed to SEAL’s Wallet Security Framework.
- Tim Fan developed D2PFuzz, a DevP2P protocol fuzzing framework with differential testing across multiple execution layer clients, uncovering several bugs.
- nft_dreww published security articles, hosted educational classes through Boring Security, and completed audits on Ethereum public goods projects.
- Jean-Loïc Mugnier developed a Web3 transaction simulation Chrome extension and conducted research on simulation spoofing.
- Alexandre Melo produced security workshop videos covering fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs.
- Ho Nhut Minh enhanced CuEVM, a GPU-accelerated EVM implementation, with multi-GPU support and a Golang library for integration with the Medusa fuzzer.
- Sergio Garcia built the Tracelon Monitoring Bot, a Telegram bot for real-time block monitoring, and continued contributing to SEAL 911 incident response.
Looking Ahead: A Decentralized Defense for a Decentralized Future
The ETH Rangers Program successfully demonstrated that securing a decentralized network requires a decentralized defense. The program’s objectives were not merely about finding vulnerabilities but about fostering a robust ecosystem of security professionals, tools, and knowledge. The variety of contributions reflects the expansive definition of "public goods security" in practice, encompassing tool development, education, knowledge documentation, incident response, and overall ecosystem resilience.
By supporting these critical public goods, the ETH Rangers Program has integrated new tools, vital research, and actionable intelligence into the broader Ethereum ecosystem. This distributed approach to defense provides a more secure and resilient foundation for builders and users worldwide. The program’s success underscores the value of investing in independent security research and community-driven initiatives.
The Ethereum Foundation expresses deep gratitude to all 17 stipend recipients for their invaluable contributions. Special thanks are extended to The Red Guild for their hands-on involvement in reviewing submissions, structuring milestones, and providing detailed feedback, which was instrumental to the program’s success. The collaboration with Secureum and Security Alliance in establishing and executing the program was also crucial. As the program concludes, the insights and outputs generated will undoubtedly contribute to a more secure and robust Ethereum network for years to come. The lessons learned and the community fostered will likely pave the way for future initiatives aimed at strengthening the decentralized web.