London, UK – [Date of Publication] – In a significant stride towards fortifying the resilience of the world’s leading programmable blockchain, the Ethereum Foundation, in collaboration with prominent security organizations Secureum, The Red Guild, and Security Alliance (SEAL), has concluded its inaugural ETH Rangers Program. Launched in late 2024, this pioneering initiative channeled vital stipends to seventeen independent security researchers and teams, empowering them to undertake crucial public goods security work across the Ethereum ecosystem. The six-month program, now wrapped, has unveiled a remarkable breadth of contributions, underscoring the indispensable role of decentralized efforts in safeguarding a decentralized network.

The ETH Rangers Program was conceived with a clear, impactful vision: to financially support independent endeavors that directly enhance Ethereum’s security posture and to formally acknowledge individuals with proven track records of meaningful, ecosystem-wide contributions. From rigorous vulnerability research and the development of cutting-edge security tooling to global educational outreach, sophisticated threat intelligence gathering, and rapid incident response, the program’s recipients have delivered tangible, far-reaching outcomes that collectively bolster Ethereum’s defense mechanisms against an ever-evolving threat landscape. The initiative’s success unequivocally demonstrates a core tenet of blockchain security: a decentralized network demands a decentralized defense, built upon the collective intelligence and proactive engagement of its community.


A Chronology of Decentralized Defense

The journey of the ETH Rangers Program began in late 2024, at a time when the Ethereum ecosystem continued its rapid expansion, attracting both unprecedented innovation and increasingly sophisticated malicious actors. Recognizing the need for a more structured and sustained approach to funding essential, often "unglamorous," public goods security work, the Ethereum Foundation joined forces with three pillars of the blockchain security community: Secureum, renowned for its security education and auditing; The Red Guild, a collective of security researchers dedicated to public goods; and Security Alliance (SEAL), a non-profit focusing on cross-chain security intelligence and incident response.

The program’s inception was marked by a rigorous selection process, identifying individuals and small teams who had already demonstrated a deep commitment and capability in various facets of Ethereum security. The stipends, rather than traditional grants, were designed to provide consistent support, allowing these "Rangers" to dedicate focused effort to their chosen areas of impact over a six-month period. This model aimed to foster sustained engagement and cultivate specialized expertise that might otherwise struggle to find dedicated funding in the fast-paced, profit-driven crypto landscape.

Throughout its operational phase, from late 2024 to mid-2025, the ETH Rangers engaged in their respective projects, ranging from deep technical research into protocol vulnerabilities to community-focused educational initiatives. The program emphasized independent work, with a light touch of oversight from the organizing partners, who provided guidance and facilitated knowledge sharing. At the program’s recent wrap-up, these diverse contributions were collated and reviewed, culminating in the public announcement of their collective impact and solidifying the program’s status as a critical intervention in Ethereum’s ongoing security evolution.


Supporting Data: The Impactful Contributions of the ETH Rangers

The seventeen stipend recipients of the ETH Rangers Program showcased an impressive range of initiatives, each addressing a unique facet of Ethereum’s security needs. Their work collectively forms a robust tapestry of defense, demonstrating how specialized expertise can be leveraged for the collective good.

Catalyzing Community and Education: SunSec & DeFiHackLabs

Leading the charge in community empowerment and educational outreach was SunSec, in collaboration with the vibrant DeFiHackLabs community. Their output during the stipend period was nothing short of extraordinary, highlighting the power of collaborative learning and resource development. DeFiHackLabs conducted an impressive 17 in-depth security workshops, reaching hundreds of aspiring and established security researchers. These workshops covered critical topics, equipping participants with the knowledge and skills to identify and mitigate vulnerabilities in smart contracts and decentralized applications.

Beyond direct instruction, the community also developed over 20 open-source security tools, providing practical utilities for auditing, analysis, and vulnerability detection. These tools, freely available to the public, significantly lower the barrier to entry for security research and development. Furthermore, DeFiHackLabs produced more than 40 comprehensive educational resources, including guides, tutorials, and case studies, creating a rich repository of knowledge for the ecosystem. With over 350 active members, DeFiHackLabs operates as a powerful multiplier, transforming a single stipend into an educational force that impacts hundreds, fostering a new generation of vigilant security professionals. This initiative directly addresses the critical shortage of skilled security auditors and researchers, democratizing access to essential knowledge.

Fortifying Against State-Sponsored Threats: The Ketman Project

One of the most pressing and often under-discussed threats to the blockchain ecosystem is infiltration by state-sponsored actors. The Ketman Project, spearheaded by an anonymous recipient, directly confronted this challenge by focusing on discovering and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under deceptive identities. These workers are often employed remotely, using fake personas to earn cryptocurrency, which is then funneled back to fund the DPRK regime’s illicit activities, including WMD programs. Their presence also poses significant operational security risks, as they can act as vectors for espionage or sabotage.

Over the stipend period, the Ketman Project made substantial progress:

  • Generated over 50 detailed intelligence reports: These reports provided actionable insights into DPRK IT worker activities, including their methods of infiltration, digital footprints, and network connections.
  • Notified more than 20 blockchain projects: Armed with evidence, the project directly alerted numerous projects, enabling them to take defensive measures.
  • Identified and facilitated the removal of over 15 DPRK IT workers: This direct intervention prevented potential breaches and mitigated ongoing risks to the affected organizations and the broader ecosystem.

This highly sensitive and critical work directly tackles one of the most severe operational security threats facing the Ethereum ecosystem today, safeguarding projects from state-level adversaries and contributing to global cybersecurity efforts.

On the Front Lines: Nick Bax and Incident Response

Nick Bax demonstrated a multi-faceted contribution, primarily through his involvement in SEAL 911 incident response, DPRK threat mitigation, and broader public awareness campaigns. Incident response in the blockchain space is a high-stakes, time-sensitive endeavor, requiring deep technical expertise and rapid coordination to contain and mitigate the damage from hacks and exploits.

Bax’s efforts included:

  • Participation in multiple critical incident responses via SEAL 911: This involved assisting projects under attack, performing forensic analysis, tracking stolen funds, and coordinating with exchanges and law enforcement. His swift action helped minimize financial losses and protect users.
  • Proactive DPRK threat intelligence sharing: Building on the work of projects like Ketman, Bax disseminated crucial intelligence about North Korean threat actors, helping the community to better understand and defend against their tactics.
  • Public education and awareness: Through various channels, he contributed to educating the wider Ethereum community about prevalent threats, best security practices, and how to react during security incidents, fostering a more informed and vigilant user base.

His contributions underscored the vital role of skilled responders who can act decisively when the integrity of the network and its users is under attack, turning intelligence into immediate, protective action.

Building Global Capacity: Guild Audits and African Security Education

Addressing the geographical disparity in security talent, Guild Audits ran intensive smart contract security bootcamps, specifically targeting and training the next generation of Ethereum security researchers in underrepresented regions, particularly Africa. The expansion of security expertise beyond traditional tech hubs is crucial for building a truly decentralized and globally resilient ecosystem.

Guild Audits’ achievements include:

  • Successfully executed 3 comprehensive smart contract security bootcamps: These intensive programs provided hands-on training in Solidity, EVM, common vulnerabilities, and auditing methodologies.
  • Graduated over 100 participants: This significant cohort represents a new wave of trained security professionals ready to contribute to the ecosystem.
  • Facilitated the placement of more than 10 graduates into security-related roles: This direct pipeline into the industry demonstrates the program’s practical impact and its success in creating tangible career opportunities.

The capacity-building impact of Guild Audits’ bootcamps is immense, not only creating a pipeline of skilled security researchers but also fostering diversity and inclusion within the Ethereum security community, strengthening the network from a global perspective.

Advancing Formal Verification: Palina Tolmach and Kontrol

Palina Tolmach of Runtime Verification focused on enhancing Kontrol, a sophisticated formal verification tool for Ethereum smart contracts. Formal verification is a rigorous method of mathematically proving the correctness of code, ensuring that smart contracts behave exactly as intended and are free from critical bugs. While powerful, such tools can often be complex and inaccessible to many developers. Tolmach’s work aimed to bridge this gap, making Kontrol more user-friendly for a broader audience of developers and security researchers.

Key Kontrol improvements delivered include:

  • Streamlined user interface and improved documentation: Making the tool easier to learn and use, reducing the technical overhead for adoption.
  • Enhanced performance and scalability: Allowing Kontrol to efficiently analyze larger and more complex smart contracts.
  • Expanded feature set: Adding new capabilities that enable more comprehensive verification checks and support for a wider array of contract patterns.

All of this work is open source and available at github.com/runtimeverification/kontrol, significantly improving the formal verification tooling landscape for all security researchers and raising the bar for smart contract security across the ecosystem.

Strengthening Core Infrastructure: Ethereum Execution Client DoS Research

A dedicated research team undertook critical work focused on the robustness of Ethereum’s core infrastructure by developing a testing framework to systematically evaluate the resilience of execution clients against message-flooding denial-of-service (DoS) attacks. Execution clients (like Geth, Besu, Erigon, Nethermind, and Reth) are the software implementations that enable nodes to interact with the Ethereum blockchain, processing transactions and maintaining the network state. Their stability is paramount to the network’s continuous operation.

By rigorously testing all five major execution clients, the team discovered a total of 14 distinct bugs across various network protocol layers. These vulnerabilities could lead to severe consequences, including:

  • Node crashes: Rendering individual nodes inoperable.
  • Node desynchronization: Causing nodes to fall out of sync with the main network, leading to service disruption.
  • Full network partitions: Potentially isolating large segments of the network, threatening consensus and overall stability.

The findings underscore that no execution client is entirely immune to message-flooding attacks, emphasizing the continuous need for robust defensive measures like adaptive rate-limiting. The testing framework and detailed results have been shared directly with the Ethereum Foundation’s Protocol Security team, providing invaluable data to inform ongoing client security research and the development of more resilient network protocols.

A Spectrum of Security Innovations: Other Key Rangers

While space limits full write-ups for all recipients, the contributions of the remaining ETH Rangers were equally vital and diverse:

  • Kelsie Nabben authored a compelling book based on 2.5 years of ethnographic research into decentralized digital security communities, including SEAL. Her work provides critical sociological insights into how these communities self-organize and function, offering a deeper understanding of the human element in blockchain security.
  • The Mothra team built an innovative Ghidra extension for EVM bytecode reverse engineering, including support for EOF (EVM Object Format) decompilation. This open-source tool significantly aids forensic analysis and vulnerability discovery by allowing researchers to better understand compiled smart contract code.
  • SomaXBT published a comprehensive four-part series on blockchain forensics and the crypto threat landscape. This educational series delved into fund tracing, attribution techniques, and Open Source Intelligence (OSINT) methods, equipping the community with essential skills for investigating illicit activities.
  • Peter Kacherginsky launched BlockThreat, a specialized platform for blockchain threat intelligence. BlockThreat systematically analyzes past security incidents and their root causes, creating a valuable database for learning from history and preventing future attacks.
  • Attack Vectors developed attackvectors.org, an open-source, continuously updated guide detailing top attack vectors in DeFi along with preventative strategies. They also contributed to SEAL’s Wallet Security Framework and became a SEAL Steward, deepening their commitment to ecosystem-wide defense.
  • Tim Fan developed D2PFuzz, a DevP2P protocol fuzzing framework. By differentially testing across multiple execution layer clients, D2PFuzz identified critical bugs through both single-client and cross-client testing, improving the robustness of peer-to-peer communication within Ethereum.
  • nft_dreww contributed by publishing security articles, hosting educational classes through Boring Security, and conducting audits on Ethereum public goods projects, embodying the spirit of community engagement and direct contribution.
  • Jean-Loïc Mugnier created a Web3 transaction simulation Chrome extension that intercepts and simulates transactions before they reach the user’s wallet, significantly enhancing security by letting users preview potential outcomes. He also conducted research into simulation spoofing.
  • Alexandre Melo produced a series of valuable security workshop videos covering advanced topics like fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs, making complex security concepts accessible.
  • Ho Nhut Minh enhanced CuEVM, a GPU-accelerated EVM implementation, with multi-GPU support and a Golang library for integration with the Medusa fuzzer. His work significantly boosts the speed and efficiency of security testing for smart contracts.
  • Sergio Garcia built the Tracelon Monitoring Bot, a Telegram bot providing real-time block monitoring for Ethereum, Bitcoin, and Base, complete with ERC20 balance change alerts. He also continued his active contributions to SEAL 911 incident response.

Official Responses and Collaborative Success

The Ethereum Foundation expressed profound gratitude to all 17 stipend recipients, acknowledging that the ETH Rangers Program had successfully met its objective of supporting essential, yet often unsung, security work. The program’s decentralized approach to defense aligns perfectly with Ethereum’s core ethos, demonstrating that security is not a centralized function but a collective responsibility nurtured by individual expertise and commitment.

The success of the program was not solely due to the Rangers themselves but was also a testament to the crucial collaborative efforts of the founding partners. Secureum’s expertise in security education, The Red Guild’s hands-on involvement in structuring milestones and providing detailed feedback, and Security Alliance’s insights into incident response and threat intelligence were indispensable. The Red Guild, in particular, played a pivotal role in the operational aspects, from reviewing submissions to guiding recipients through their projects, ensuring the program’s effective execution and maximizing the impact of each stipend. This robust partnership model serves as a blueprint for future initiatives aimed at strengthening the public goods infrastructure of decentralized networks.


Implications for Ethereum’s Future Security Landscape

The ETH Rangers Program has cemented a vital precedent: investing directly in independent public goods security work is not merely beneficial, but essential for the long-term health and stability of the Ethereum ecosystem. The variety of contributions—from deep protocol research to educational outreach and threat intelligence—underscores that "public goods security" is a broad and multifaceted discipline. It encompasses far more than just finding bugs; it is about building robust tools, cultivating human capital, documenting crucial knowledge, responding effectively to emergencies, and proactively mitigating emerging threats.

This decentralized defense paradigm fosters a more resilient ecosystem. By integrating new tools, research, and intelligence from independent experts into the broader Ethereum community, the program has created a stronger, more adaptive foundation for builders and users worldwide. It encourages a culture of shared responsibility and continuous improvement, where security is a collective endeavor rather than a burden placed on a few centralized entities. The program’s success reinforces the idea that the strength of Ethereum lies not just in its technology, but in its vibrant, dedicated community of contributors who are willing to perform the critical work necessary to protect it.

Looking ahead, the ETH Rangers Program serves as a powerful model for how foundational blockchain infrastructure can be secured. Its success will likely inspire similar initiatives, emphasizing the ongoing need for sustained funding and recognition for those who contribute to the often-unglamorous, yet profoundly important, work of public goods security. As the Ethereum ecosystem continues to evolve and face new challenges, the spirit of the ETH Rangers—proactive, collaborative, and decentralized—will remain a guiding principle for its enduring security and success.