In late 2024, a significant collaborative effort was launched to bolster the security of the Ethereum ecosystem. The Ethereum Foundation, in partnership with leading security organizations Secureum, The Red Guild, and Security Alliance (SEAL), unveiled the ETH Rangers Program. This initiative was designed to provide crucial financial support, in the form of stipends, to individuals dedicated to performing vital public goods security work within the Ethereum network. The program’s overarching objective was clear and focused: to foster and fund independent efforts aimed at enhancing the overall resilience of the Ethereum ecosystem. Furthermore, it sought to formally recognize and reward individuals who had already demonstrated a consistent and meaningful track record of impactful contributions to security work that benefits the entire Ethereum community.
Following the conclusion of the six-month ETH Rangers Program, the tangible outcomes of the 17 stipend recipients’ work have been compiled and shared. The breadth of their collective output is nothing short of impressive, spanning critical areas such as in-depth vulnerability research, the development of essential security tooling, comprehensive educational initiatives, proactive threat intelligence gathering, and swift incident response capabilities. These results underscore a fundamental truth: securing a decentralized network like Ethereum necessitates a decentralized approach to defense. The independent researchers, through their diverse projects ranging from protocol-level vulnerability analysis to global developer education, have collectively built infrastructure poised to amplify security effects across the entire ecosystem.
Project Highlights: Pillars of Ethereum’s Security Fortification
The ETH Rangers Program has illuminated a spectrum of innovative security projects, each contributing uniquely to the robustness and trustworthiness of the Ethereum network.
SunSec – DeFiHackLabs: Amplifying Security Education and Tooling
SunSec, in collaboration with the burgeoning DeFiHackLabs community, delivered an extraordinary volume of high-impact security education and tooling work. During the stipend period, DeFiHackLabs achieved several key milestones:
- Published 15 detailed vulnerability reports and analyses: These reports provided deep dives into potential weaknesses within various smart contracts and protocols, offering actionable insights for developers.
- Developed and released 5 new open-source security tools: These tools are designed to assist developers and auditors in identifying and mitigating common vulnerabilities, thereby enhancing the overall security posture of decentralized applications.
- Organized and conducted 10 community security workshops: These workshops served as crucial educational platforms, equipping a broad audience of security researchers and developers with essential knowledge and practical skills in smart contract security.
- Mentored over 100 aspiring security researchers: Through dedicated guidance and support, DeFiHackLabs actively fostered the next generation of security talent within the Ethereum ecosystem.
The sheer scale of community activation demonstrated by DeFiHackLabs is particularly noteworthy. Operating as a powerful multiplier, the project effectively transformed a single stipend into widespread educational output, reaching and influencing hundreds of security researchers. This approach highlights the potent impact of empowering community-driven initiatives in scaling security efforts.
Ketman Project – DPRK IT Worker Investigations: Combating a Critical Threat
One recipient dedicated their stipend to the vital task of building and scaling the Ketman Project. This initiative focuses on the crucial mission of identifying and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under assumed identities. Over the course of the stipend period, the Ketman Project achieved significant progress:
- Identified and reported over 50 suspected DPRK operatives: Through meticulous investigation and analysis, the project uncovered numerous instances of illicit activity by individuals attempting to exploit the blockchain space.
- Collaborated with 10 different blockchain projects to facilitate the removal of these operatives: By working directly with affected projects, Ketman Project facilitated decisive actions to safeguard their platforms and user bases from potential malicious actors.
- Published 3 detailed threat intelligence reports on DPRK cybercrime tactics within the crypto space: These reports provided valuable insights into the evolving methods employed by DPRK actors, helping to inform the broader security community about emerging threats.
This work directly addresses one of the most pressing operational security threats currently facing the Ethereum ecosystem. The persistent infiltration by state-sponsored actors poses a significant risk to the integrity and trustworthiness of decentralized networks, making the Ketman Project’s efforts indispensable.
Nick Bax – Incident Response and Threat Intelligence: A Multifaceted Contributor
Nick Bax made significant contributions across multiple critical security domains, primarily through his involvement with SEAL 911 incident response, DPRK threat mitigation efforts, and public awareness campaigns. His work included:
- Actively participating in 8 critical incident response efforts: Bax provided crucial expertise and support during high-stakes situations, helping to mitigate damage and restore services.
- Developing and disseminating threat intelligence regarding DPRK operatives: His insights into the tactics and strategies of these actors were vital in bolstering defenses across the ecosystem.
- Contributing to public awareness initiatives: Bax played a key role in educating the broader community about prevalent security risks and best practices.
- Assisting in the development of new incident response protocols: His practical experience informed the creation of more robust and effective response mechanisms.
Bax’s multifaceted contributions underscore the interconnectedness of various security disciplines, highlighting how individual expertise can yield broad benefits for the entire ecosystem.
Guild Audits – Security Education in Africa and Beyond: Cultivating Future Talent
Guild Audits focused on a critical long-term security objective: cultivating the next generation of Ethereum security researchers. They achieved this by running intensive smart contract security bootcamps. The impact of these bootcamps has been substantial:
- Trained over 300 individuals in advanced smart contract security: This comprehensive training equipped participants with the skills necessary to identify and remediate vulnerabilities in blockchain code.
- Launched 5 new security study groups in underserved regions: By extending their reach, Guild Audits fostered localized security communities and learning opportunities.
- Published 15 detailed case studies and educational materials: These resources provide valuable learning content for current and future security professionals.
The capacity-building impact of Guild Audits’ smart contract security bootcamps is profound. They are actively creating a pipeline of skilled security researchers, particularly in regions that have historically been underrepresented in the global Ethereum security community. This expansion of talent is crucial for ensuring a diverse and robust security landscape.
Palina Tolmach – Kontrol: Usable Formal Verification
Palina Tolmach, affiliated with Runtime Verification, focused her efforts on enhancing Kontrol, a formal verification tool specifically designed for Ethereum smart contracts. The primary goal was to make this powerful tool more accessible and user-friendly for both developers and security researchers. Key Kontrol improvements delivered include:
- Development of a new, intuitive user interface: This significantly lowered the barrier to entry for users unfamiliar with formal verification concepts.
- Expansion of supported Solidity versions and language features: This ensured broader compatibility with existing and emerging smart contract codebases.
- Integration of improved error reporting and debugging capabilities: This made it easier for users to understand and resolve issues identified by the tool.
- Creation of comprehensive documentation and tutorials: These resources provide clear guidance for users at all levels of expertise.
All of this work has been made open-source and is available on GitHub, significantly enriching the formal verification tooling landscape for the entire security research community. The increased usability of Kontrol promises to elevate the standards of smart contract security across the Ethereum ecosystem.
Ethereum Execution Client DoS Research: Identifying and Mitigating Network Vulnerabilities
A dedicated research team developed a sophisticated testing framework designed to systematically evaluate the robustness of Ethereum execution clients against message-flooding denial-of-service (DoS) attacks. This crucial work involved rigorous testing of all five major execution clients: Geth, Besu, Erigon, Nethermind, and Reth. The research uncovered a significant number of vulnerabilities:
- Discovery of 14 critical bugs: These bugs were identified across various network protocol layers within the tested execution clients.
- Potential for network disruption: The identified vulnerabilities could lead to significant performance degradation, node instability, and in severe cases, network-wide disruptions.
- Confirmation of widespread susceptibility: The findings highlight that no single execution client is entirely immune to message-flooding attacks, underscoring a systemic challenge within the network’s infrastructure.
These findings underscore the critical need for ongoing development of effective countermeasures, such as adaptive rate-limiting mechanisms, to protect the Ethereum network from such attacks. The testing framework and the detailed results have been shared with the Ethereum Foundation’s Protocol Security team, providing essential data to inform and guide future client security research and development efforts.
Other Stipend Recipients: A Broad Spectrum of Security Contributions
While detailed write-ups were not feasible for every recipient due to space constraints, the remaining stipend recipients made substantial contributions across a wide array of security-related public goods, demonstrating the diverse nature of security work within the Ethereum ecosystem.
| Recipient | Output |
|---|---|
| Kelsie Nabben | Authored a book drawing on 2.5 years of ethnographic research into decentralized digital security communities, including SEAL, providing unique qualitative insights into the field. |
| Mothra team | Developed Mothra, a Ghidra extension for EVM bytecode reverse engineering, with notable support for EOF decompilation. Detailed technical write-ups on their development process were also published. |
| SomaXBT | Published a comprehensive four-part series on blockchain forensics and the crypto threat landscape, meticulously covering fund tracing, attribution techniques, and Open Source Intelligence (OSINT) methods. |
| Peter Kacherginsky | Launched BlockThreat, a platform dedicated to blockchain threat intelligence that systematically analyzes past blockchain security incidents and their root causes to inform future prevention strategies. |
| Attack Vectors | Created attackvectors.org, an open-source, continuously updated guide detailing the most prevalent attack vectors in DeFi, alongside effective prevention strategies. They also contributed to SEAL’s Wallet Security Framework and became a SEAL Steward. |
| Tim Fan | Developed D2PFuzz, a DevP2P protocol fuzzing framework incorporating differential testing across multiple execution layer clients, successfully identifying bugs through both single-client and cross-client testing. |
| nft_dreww | Published insightful security articles, hosted educational classes through Boring Security, and successfully completed security audits on critical Ethereum public goods projects. |
| Jean-Loïc Mugnier | Developed a Web3 transaction simulation Chrome extension that intercepts and simulates transactions prior to wallet confirmation, alongside research into simulation spoofing techniques. |
| Alexandre Melo | Produced a series of valuable security workshop videos covering diverse topics such as fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs. |
| Ho Nhut Minh | Enhanced CuEVM, a GPU-accelerated EVM implementation, by adding multi-GPU support and a Golang library for seamless integration with the Medusa fuzzer, with benchmarks conducted on Nvidia H100 GPUs. |
| Sergio Garcia | Built the Tracelon Monitoring Bot, a Telegram bot designed for real-time block monitoring across Ethereum, Bitcoin, and Base, featuring alerts for ERC20 balance changes. He also continued to contribute to SEAL 911 incident response. |
Looking Ahead: Strengthening Ethereum’s Decentralized Defense
The ETH Rangers Program successfully achieved its core objective: to provide vital support for individuals engaged in the often unglamorous but absolutely essential security work that underpins the Ethereum ecosystem. The remarkable diversity of their contributions serves as a powerful testament to the multifaceted nature of "public goods security" in practice. This endeavor extends far beyond merely identifying vulnerabilities; it encompasses the critical tasks of building robust tools, diligently training individuals, meticulously documenting knowledge, effectively responding to security incidents, and ultimately, making the entire ecosystem more resilient and secure for all participants.
By championing and funding public goods security work, the program has effectively integrated a wealth of new tools, critical research, and actionable intelligence into the broader Ethereum ecosystem. This decentralized approach to defense not only strengthens the foundational security of the network but also provides a more secure and reliable environment for developers and users worldwide.
The Ethereum Foundation expresses profound gratitude to all 17 stipend recipients for their invaluable contributions. Special recognition is extended to The Red Guild for their hands-on involvement in meticulously reviewing submissions, structuring project milestones, and providing constructive, detailed feedback throughout the program’s duration. The Foundation also thanks Secureum and Security Alliance (SEAL) for their instrumental collaboration in establishing and executing the ETH Rangers Program, a testament to what can be achieved through collective action in safeguarding decentralized technologies.
