ETH Rangers Program Summary | Ethereum Foundation Blog

In late 2024, the Ethereum Foundation, together with Secureum, The Red Guild, and the Security Alliance (SEAL), launched the ETH Rangers program, an initiative to provide stipends to individuals performing public goods security work in the Ethereum ecosystem.

The program’s goal was simple: fund independent efforts that improve the resilience of the Ethereum ecosystem, and recognize those with a proven track record of meaningful contributions to critical security work that benefits Ethereum as a whole.

Now that the six-month ETH Rangers program has come to an end, we would like to share the results of the work of our 17 stipend recipients. From vulnerability research and security tooling to training, threat intelligence and incident response, the scope is impressive.

Consolidated results across grantee initiatives include:

  • More than $5.8 million in funds recovered or frozen.
  • Over 785 vulnerabilities, client bugs, and proofs of concept reported or catalogued.
  • Approximately 100 state-sponsored agents identified across more than 100 teams.
  • Over 209,000 views and user reach for threat awareness and investigation content.
  • Over 800 teams participated in sponsored security challenges and investigations.
  • Over 80 workshops, lectures, and technical or training resources made available.
  • Over 36 incident responses handled.
  • More than seven open source tool repositories, frameworks, and implementations developed or improved.

These results demonstrate that securing a decentralized network requires decentralized defense.

From protocol-level vulnerability research to global developer training, these independent researchers have built infrastructure that multiplies security effectiveness across the entire ecosystem.

Project Highlights

SunSec – DeFiHackLabs

SunSec, together with the DeFiHackLabs community, delivered a tremendous amount of security training and tooling work. During the stipend period, DeFiHackLabs:

  • Built the Incident Explorer, a platform for discovering and analyzing DeFi incidents through proof-of-concept (PoC) exploits and root cause analysis, with 620+ PoCs to date.
  • Ran the PoC Summer Contest, receiving 43 new proof-of-concept submissions from the community.
  • Delivered six workshop sessions at Korea University covering smart contract bug classes, auditing, and attack case analysis.
  • Collaborated with HITCON CTF (717 participating teams) to create a Web3 security challenge.
  • Had seven talks selected for COSCUP 2025, covering topics from phishing to formal verification.
  • Ran CTF training sessions, writing campaigns, Web3 security clubs, and a talent referral program connecting white-hat hackers with employment opportunities.

The scale of community activation here is remarkable. DeFiHackLabs acts as a multiplier, turning one stipend into training outcomes that reach hundreds of security researchers.

Ketman Project – Survey of North Korean IT Workers

One grantee used their stipend to build and scale the Ketman project, which focuses on identifying and removing North Korean (DPRK) IT workers who infiltrate blockchain projects under fake identities.

During the stipend period they:

  • Contacted around 53 projects and confirmed roughly 100 DPRK IT workers operating inside Web3 organizations.
  • Published investigative articles on ketman.org covering account takeover tactics, freelance platform infiltration, and DPRK-Russia connections; the site has attracted over 3,300 active users and 6,200 page views.
  • Developed and open-sourced gh-fake-analyzer, a GitHub profile analysis tool for detecting suspicious activity patterns, now available on PyPI.
  • Co-authored the DPRK IT Worker Framework with SEAL, which has become a standard industry reference.
  • Contributed data to the Lazarus.group threat intelligence project; the work was featured in a DEF CON presentation.

This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today.

Nick Bax – Incident Response and Threat Intelligence

Nick Bax’s contributions span multiple areas, primarily SEAL 911 incident response, DPRK threat mitigation, and public awareness.

  • Contributed to 36+ SEAL 911 tickets, including supporting the response to the Loopscale exploit, which resulted in $5.8 million being recovered.
  • As part of a team, identified and notified 30+ teams that were employing DPRK IT workers, and arranged for the freezing of mid-six-figure sums paid to those workers.
  • Created an awareness video about the DPRK “fake VC” scam that reached 200,000 views on X; several cryptocurrency executives have publicly credited it with helping them avoid being hacked.
  • Identified and disclosed a homoglyph attack used by the “ELUSIVE COMET” threat group to evade Zoom’s detection of suspicious display names, resulting in the vulnerability being patched.
  • Represented SEAL at a U.S. Treasury roundtable and spoke about mitigating DPRK hackers at conferences, including at Interpol headquarters in Lyon.
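The homoglyph evasion in the disclosure above works because a display name assembled from look-alike Unicode characters passes a plain string comparison. The following Python is an added illustration of the defensive check, not code from the page or from Nick Bax's disclosure (whose specifics are not reproduced here): it reduces a name to an ASCII "skeleton" (NFKC normalization, stripping format and combining characters, and mapping a constructed subset of Unicode confusables), then flags skeleton collisions with a watchlist, mixed scripts, and invisible characters. The watchlist, the probe names, the confusables table, and the function names are all constructed for the example.

```python
import unicodedata

# Constructed subset of Unicode confusables: Cyrillic and Greek letters that render
# like Latin ones. Illustrative only; Unicode's confusables.txt is far larger.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u04bb": "h",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03bf": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E",
    "\u0397": "H", "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O",
    "\u03a1": "P", "\u03a4": "T", "\u03a7": "X", "\u0131": "i",
}


def skeleton(name):
    """Reduce a display name to the ASCII string it is trying to look like."""
    out = []
    for ch in unicodedata.normalize("NFKC", name):      # fullwidth/compatibility forms -> ASCII
        if unicodedata.category(ch) in ("Cf", "Mn"):   # zero-width/format chars, combining marks
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).casefold()


def scripts(name):
    """Scripts used by the letters in name, approximated from Unicode character names."""
    found = set()
    for ch in unicodedata.normalize("NFKC", name):
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def naive_match(candidate, watchlist):
    """The check a homoglyph attack defeats: case-insensitive string equality."""
    return candidate.casefold() in {w.casefold() for w in watchlist}


def check_name(candidate, watchlist):
    """Return (matched watchlist entry or None, list of reasons the name is suspicious)."""
    reasons = []
    found = scripts(candidate)
    if len(found) > 1:
        reasons.append("mixed scripts: " + ",".join(sorted(found)))
    if any(unicodedata.category(ch) == "Cf" for ch in candidate):
        reasons.append("invisible characters")
    sk = skeleton(candidate)
    for entry in watchlist:
        if sk == skeleton(entry):
            kind = "exact match" if candidate.casefold() == entry.casefold() else "look-alike of"
            reasons.append(f"{kind}: {entry}")
            return entry, reasons
    return None, reasons


# Constructed watchlist of names worth protecting in a meeting, and constructed probes.
WATCHLIST = ["Zoom Support", "Bloomberg"]
PROBES = [
    "Zoom Support",                # genuine
    "Zoom Supp\u043ert",           # Cyrillic small o in place of Latin o
    "Bloom\u200dberg",             # zero-width joiner hidden inside
    "\u0418\u0432\u0430\u043d",    # an ordinary all-Cyrillic name: must not be flagged
]

if __name__ == "__main__":
    for probe in PROBES:
        print(repr(probe), naive_match(probe, WATCHLIST), check_name(probe, WATCHLIST))
```

The skeleton comparison is what catches the substitution; the mixed-script and invisible-character signals are cheap to compute and are worth reporting on their own, since a display name mixing Latin and Cyrillic letters is suspicious even when it collides with nothing on the list. An all-Cyrillic name is single-script and produces no reasons, which keeps the check from flagging ordinary non-Latin users.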

Guild Audits – Security Training in Africa and Beyond

Guild Audits ran an intensive smart contract security bootcamp to train the next generation of Ethereum security researchers.

  • The bootcamp cohort trained researchers across Africa, Asia, Europe, and the Americas, who went on to report 110+ vulnerabilities on major audit contest platforms including Sherlock, Code4rena, Codehawks, Cantina, and Immunefi; several students reached top-10 leaderboard positions.
  • Students published 55+ technical articles, EIP proposals, reproductions and implementations of real-world hacks, and free audits for open source projects such as Coinsafe and SIR.
  • On November 8, 2025, Guild Audits held Africa’s first Web3 Security Summit, bringing together security researchers, auditors, and developers from across the continent.

The capacity-building impact of Guild Audits’ Smart Contract Security Bootcamp is significant, creating a pipeline of skilled security researchers in regions that have historically been underrepresented in the Ethereum security community.

Palina Tolmach – Kontrol: Making Formal Verification Accessible

Palina Tolmach of Runtime Verification improved Kontrol, the formal verification tool for Ethereum smart contracts, making it more accessible to developers and security researchers.

Key Kontrol improvements delivered include:

  • Improved output clarity – Cleaner error messages, decoded failure reasons, console.log support in proofs, and pretty-printed path conditions make proof results much easier to interpret.
  • Counterexample generation – When a proof fails, Kontrol can now automatically generate an executable Foundry test that reproduces the failure, drastically reducing iteration time for formal verification.
  • Structured symbolic storage – A new Kontrol command automatically generates typed storage representations, simplifying proof setup.
  • Comprehensive documentation – New guides on bytecode verification, dynamic types, debugging, and every supported cheatcode.
  • Improved foundations – Upstreamed key improvements to KEVM for better automated reasoning, including support for immutable variables and whitelisted cheatcodes.

All of this work is open source at github.com/runtimeverification/kontrol, improving the formal verification experience for all security researchers.

Ethereum Execution Client DoS Study

The research team developed a testing framework to systematically evaluate the robustness of Ethereum execution clients under message-flooding denial-of-service attacks.

Testing all five major execution clients (Geth, Besu, Erigon, Nethermind, and Reth) uncovered 14 bugs across various network protocol layers. These bugs can cause:

  • Asymmetric CPU consumption – The attacker spends significantly less CPU than the victim (up to a 4x asymmetry in some cases).
  • Refusal to serve data – Victim nodes stop responding to peer discovery or blockchain data requests (affects Besu, Erigon, and Nethermind).
  • Node crashes – Flooding triggers out-of-memory errors that crash victim nodes (affects Nethermind, Reth, and Erigon).

The findings highlight that no execution client is completely immune to message-flooding attacks and that further work is needed on effective countermeasures (e.g., adaptive rate limiting). The testing framework and results were shared with the Ethereum Foundation’s Protocol Security team to inform further client security research.
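The countermeasure class the study points to, shown as an added illustration rather than code from the study's framework or from any execution client: a per-peer budget denominated in measured handler CPU time instead of message count, a cap on bytes held per peer before decoding, and a refill rate that is scaled down node-wide while the recent busy fraction exceeds a target. The class and function names (CostLimiter, admit, settle, simulate), the parameter values, and the traffic figures are all constructed for the example; the devp2p wire protocol itself is not modeled.

```python
import time
from dataclasses import dataclass


@dataclass
class PeerState:
    tokens: float        # remaining budget in CPU seconds; may go negative after settle()
    last_refill: float
    inflight_bytes: int = 0
    rejects: int = 0     # refusals since the load window last rolled


class CostLimiter:
    """Per-peer token bucket denominated in measured handler CPU seconds (hypothetical design).

    admit() is a cheap gate run before a message is decoded; settle() bills the measured
    cost after the handler ran, so a request that is cheap to send but expensive to serve
    is charged its real price. Refill slows for every peer while the node is over target.
    """

    def __init__(self, capacity=0.2, refill_per_sec=0.05, max_inflight_bytes=1_000_000,
                 target_busy=0.5, window_sec=1.0, max_rejects=3, clock=time.monotonic):
        self.capacity, self.refill_per_sec = capacity, refill_per_sec
        self.max_inflight_bytes, self.target_busy = max_inflight_bytes, target_busy
        self.window_sec, self.max_rejects, self.clock = window_sec, max_rejects, clock
        self.peers, self.dropped = {}, set()
        self.window_start, self.window_busy, self.busy_fraction = clock(), 0.0, 0.0

    def refill_scale(self):
        """1.0 while the node is under target; otherwise throttle all peers in proportion."""
        return 1.0 if self.busy_fraction <= self.target_busy else self.target_busy / self.busy_fraction

    def _peer(self, pid):
        if pid not in self.peers:
            self.peers[pid] = PeerState(tokens=self.capacity, last_refill=self.clock())
        return self.peers[pid]

    def admit(self, pid, msg_len):
        """Before decoding: is it worth spending any CPU or memory on this message?"""
        if pid in self.dropped:
            return False
        p, now = self._peer(pid), self.clock()
        p.tokens = min(self.capacity, p.tokens + (now - p.last_refill) * self.refill_per_sec * self.refill_scale())
        p.last_refill = now
        if p.inflight_bytes + msg_len > self.max_inflight_bytes or p.tokens <= 0:
            p.rejects += 1
            if p.rejects >= self.max_rejects:   # keeps sending while throttled: disconnect it
                self.dropped.add(pid)
            return False
        p.inflight_bytes += msg_len
        return True

    def settle(self, pid, msg_len, cpu_cost):
        """After the handler: bill the measured cost and update the node-wide load estimate."""
        p = self._peer(pid)
        p.inflight_bytes -= msg_len
        p.tokens -= cpu_cost
        self.window_busy += cpu_cost
        elapsed = self.clock() - self.window_start
        if elapsed >= self.window_sec:
            self.busy_fraction = self.window_busy / elapsed
            self.window_start, self.window_busy = self.clock(), 0.0
            for q in self.peers.values():
                q.rejects = 0


class FakeClock:                      # deterministic clock so the simulation is reproducible
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def simulate(peers, ticks=200, tick=0.1, **limiter_kwargs):
    """peers: {name: (messages per tick, measured CPU cost per message)}, constructed traffic.

    Returns {name: (processed, refused, disconnected)}.
    """
    clock = FakeClock()
    lim = CostLimiter(clock=clock, **limiter_kwargs)
    stats = {name: [0, 0] for name in peers}
    for i in range(ticks):
        clock.t = i * tick
        for name, (per_tick, cost) in peers.items():
            for _ in range(per_tick):
                if lim.admit(name, 100):
                    lim.settle(name, 100, cost)   # the handler "ran" and cost this much CPU
                    stats[name][0] += 1
                else:
                    stats[name][1] += 1
    return {name: (s[0], s[1], name in lim.dropped) for name, s in stats.items()}


def adaptive_scale_after_overload(peer_count=30, cost_per_peer=0.05):
    """Many peers, each within its own budget, together push the node past target_busy."""
    clock = FakeClock()
    lim = CostLimiter(clock=clock)
    for n in range(peer_count):
        lim.admit(f"p{n}", 100)
        lim.settle(f"p{n}", 100, cost_per_peer)   # 1.5 CPU-s of work inside one 1 s window
    clock.t = 1.0
    lim.admit("p0", 100)
    lim.settle("p0", 100, 0.0)                    # rolls the window: busy_fraction = 1.5
    return lim.refill_scale()


if __name__ == "__main__":
    print(simulate({"honest": (1, 0.002), "flooder": (5, 0.06)}))
    print(adaptive_scale_after_overload())
```

In the simulation a flooder whose cheap-to-send requests each cost 0.06 CPU-seconds to serve gets four messages processed before its bucket drains, is refused from then on without the handler ever running, and is disconnected once it keeps sending while throttled, while a peer within its budget is never refused. The inflight-byte cap refuses oversized payloads before any allocation, the simplest guard against the out-of-memory crashes listed above. The node-wide busy fraction is what makes the limit adaptive: thirty peers that are each individually within budget still cut every peer's refill to a third once their combined load exceeds the target, so a Sybil flood cannot pin the node by staying just under each per-peer limit.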

Other Recipients

For brevity, not every funded project could be covered in full. The remaining recipients contributed to a wide range of security-related public goods:

  • Kelsey Naven – Wrote a book based on 2.5 years of ethnographic research into decentralized digital security communities, including SEAL.
  • Mothra Team – Built Mothra, a Ghidra extension for EVM bytecode reverse engineering with support for EOF decompilation, and published detailed technical documentation of the development process.
  • Soma – Published a four-part series on blockchain forensics and the cryptocurrency threat landscape, covering fund tracing, attribution techniques, and OSINT methods.
  • Peter Kacherginsky – Launched BlockThreat, a blockchain threat intelligence platform that analyzes past blockchain security incidents and their root causes.
  • AttackVectors – Built AttackVectors.org, a continuously updated open source guide to the major DeFi attack vectors and their prevention strategies; also contributed to SEAL’s wallet security framework and became a SEAL Steward.
  • Team Fan – Developed D2PFuzz, a DevP2P protocol fuzzing framework that performs differential testing across multiple execution layer clients, finding bugs through both single-client and cross-client testing.
  • nft_dreww – Publishes security articles, hosts training classes through Boring Security, and completed audits for Ethereum public goods projects.
  • Jean-Loïc Meunier – Alongside research into simulation spoofing, developed a Web3 transaction simulation Chrome extension that intercepts and simulates transactions before they reach the wallet.
  • Alexandre Mello – Created security workshop videos covering fuzzing, smart accounts, AI-based auditing, Solana security, and zero-knowledge proofs.
  • Honutmin – Improved CuEVM, a GPU-accelerated EVM implementation, adding multi-GPU support and Go libraries for integration with the Medusa fuzzer; benchmarked on an Nvidia H100 GPU.
  • Sergio Garcia – Built the Tracelon monitoring bot, a Telegram bot for real-time block monitoring of Ethereum, Bitcoin, and Base with ERC-20 balance change notifications; also continued to contribute to SEAL 911 incident response.

Looking Ahead

The ETH Rangers program was launched to support people doing unglamorous but essential security work on Ethereum.

The diversity of their contributions reflects the breadth of what “public goods security” means in practice. It is more than finding bugs: it is also building tools, training people, documenting knowledge, responding to incidents, and making the ecosystem more resilient.

By supporting public goods security work, the program has integrated new tools, research, and intelligence into the broader Ethereum ecosystem. This distributed defense approach provides a stronger foundation for builders and users around the world.

We are grateful for the contributions of all 17 stipend recipients, and especially to The Red Guild for their direct involvement in reviewing submissions, organizing milestones, and providing detailed feedback throughout the process. We would also like to thank Secureum and Security Alliance for their cooperation in establishing the program.
