{"id":19324,"date":"2026-04-16T15:37:09","date_gmt":"2026-04-16T15:37:09","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/04\/16\/eth-rangers-program-recap-ethereum-foundation-blog\/"},"modified":"2026-04-16T15:37:09","modified_gmt":"2026-04-16T15:37:09","slug":"eth-rangers-program-recap-ethereum-foundation-blog","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/04\/16\/eth-rangers-program-recap-ethereum-foundation-blog\/","title":{"rendered":"ETH Rangers Program Recap | Ethereum Foundation Blog"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">In late 2024, the Ethereum Foundation, together with <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.secureum.xyz\/\">Secureum<\/a>, <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/theredguild.org\/\">The Red Guild<\/a>, and <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/securityalliance.org\/\">Security Alliance<\/a> (SEAL), launched the <a class=\"chakra-link css-vezwxf\" href=\"https:\/\/blog.ethereum.org\/2024\/12\/02\/ethrangers-public-goods\">ETH Rangers Program<\/a>, an initiative to provide stipends for individuals doing public goods security work in the Ethereum ecosystem.<\/p>\n<p class=\"chakra-text css-gi02ar\">The goal of the program was straightforward: to fund independent efforts that enhance the resilience of the Ethereum ecosystem, and to recognize people with demonstrated track records of meaningful contributions to important security work that benefits Ethereum as a whole.<\/p>\n<p class=\"chakra-text css-gi02ar\">Now that the six-month ETH Rangers Program has wrapped up, we want to share the outcomes of the 17 stipend recipients\u2019 work. 
The breadth of their output is impressive, from vulnerability research and security tooling to education, threat intelligence, and incident response.<\/p>\n<p class=\"chakra-text css-gi02ar\">Across recipient initiatives, consolidated outcomes include:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Over 5.8 million dollars in funds recovered or frozen<\/li>\n<li class=\"css-0\">Over 785 vulnerabilities, client bugs, and proofs of concept reported or cataloged<\/li>\n<li class=\"css-0\">Approximately 100 state-sponsored operatives identified across more than teams<\/li>\n<li class=\"css-0\">Over 209,000 views and users reached with threat awareness and investigative content<\/li>\n<li class=\"css-0\">800+ teams engaged in sponsored security challenges and investigations<\/li>\n<li class=\"css-0\">Over 80 workshops, talks, and technical or educational resources delivered<\/li>\n<li class=\"css-0\">36+ incident responses handled<\/li>\n<li class=\"css-0\">7+ open source tooling repositories, frameworks, and implementations developed or improved<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">These ETH Rangers Program results demonstrate the reality that securing a decentralized network requires a decentralized defense.<\/p>\n<p class=\"chakra-text css-gi02ar\">From protocol-level vulnerability research to global developer education, these independent researchers built infrastructure that will multiply security effects across the entire ecosystem.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"project-highlights\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"project highlights permalink\" href=\"#project-highlights\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path 
d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Project Highlights<\/strong><\/h2>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"sunsec--defihacklabs\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"sunsec  defihacklabs permalink\" href=\"#sunsec--defihacklabs\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>SunSec \u2013 DeFiHackLabs<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/1nf0s3cpt\">SunSec<\/a>, with the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" 
href=\"https:\/\/github.com\/SunWeb3Sec\/DeFiHackLabs\">DeFiHackLabs<\/a> community, delivered an extraordinary volume of security education and tooling work. Over the stipend period, DeFiHackLabs:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Built an <strong>Incident Explorer<\/strong> platform for searching and analysing DeFi incidents with proof-of-concept (PoC) exploits and root cause analysis, covering <strong>620+ PoCs<\/strong> to date.<\/li>\n<li class=\"css-0\">Ran a <strong>PoC Summer Contest<\/strong> that received 43 new proof-of-concept submissions from the community.<\/li>\n<li class=\"css-0\">Delivered <strong>six workshop sessions<\/strong> at Korea University covering smart contract bug classes, auditing, and attack case analysis.<\/li>\n<li class=\"css-0\">Partnered with <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ctf2025.hitcon.org\/\">HITCON CTF<\/a> (717 participating teams) to create a Web3 security challenge.<\/li>\n<li class=\"css-0\">Had <strong>seven talks selected<\/strong> at <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/coscup.org\/2025\/\">COSCUP 2025<\/a>, covering topics from phishing to formal verification.<\/li>\n<li class=\"css-0\">Ran CTF training sessions, writing campaigns, a Web3 Security Club, and a talent referral program to connect white hats with employment opportunities.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">The sheer scale of community activation here is notable. 
DeFiHackLabs operates as a multiplier, turning one stipend into educational output that reaches hundreds of security researchers.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"ketman-project--dprk-it-worker-investigations\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"ketman project  dprk it worker investigations permalink\" href=\"#ketman-project--dprk-it-worker-investigations\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Ketman Project \u2013 DPRK IT Worker Investigations<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\">One recipient used their stipend to build and scale the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ketman.org\/\">Ketman Project<\/a>, focused on discovering and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under fake identities.<\/p>\n<p class=\"chakra-text css-gi02ar\">Over the stipend period, they:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Reached out to <strong>approximately 53 projects<\/strong> and identified <strong>around 100 different DPRK IT workers<\/strong> operating within Web3 organizations.<\/li>\n<li class=\"css-0\">Published investigative articles on <a 
target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/ketman.org\/\">ketman.org<\/a> that reached over 3,300 active users and 6,200 page views, covering topics such as account takeover tactics, freelance platform infiltration, and DPRK-Russia connections.<\/li>\n<li class=\"css-0\">Developed and open-sourced <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/shortdoom\/gh-fake-analyzer\">gh-fake-analyzer<\/a>, a GitHub profile analysis tool for detecting suspicious activity patterns, now <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/pypi.org\/project\/gh-fake-analyzer\/\">available on PyPI<\/a>.<\/li>\n<li class=\"css-0\">Co-authored the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/frameworks.securityalliance.org\/dprk-it-workers\">DPRK IT Workers Framework<\/a> with SEAL, which has become a standard reference document for the industry.<\/li>\n<li class=\"css-0\">Contributed data to the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/lazarus.group\/\">Lazarus.group<\/a> threat intelligence project, with their work featured in a presentation at <strong>DEF CON<\/strong>.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"nick-bax--incident-response-and-threat-intelligence\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"nick bax  incident response and threat intelligence permalink\" href=\"#nick-bax--incident-response-and-threat-intelligence\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path 
d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Nick Bax \u2013 Incident Response and Threat Intelligence<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/bax1337\">Nick Bax<\/a> contributed across multiple fronts, primarily through SEAL 911 incident response, DPRK threat mitigation, and public awareness.<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Contributed to <strong>over 36 SEAL 911 tickets<\/strong>, including assisting with the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/marygooneratne\/status\/1920485348024455374\">Loopscale exploit<\/a> incident response that resulted in the <strong>return of $5.8M<\/strong>.<\/li>\n<li class=\"css-0\">As part of a team, identified and notified <strong>30+ teams<\/strong> that they were employing DPRK IT workers, and coordinated the freezing of mid-six-figures of funds received by those workers.<\/li>\n<li class=\"css-0\">Created an <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/bax1337\/status\/1899471318178771129\">awareness video about DPRK &#8220;Fake VC&#8221; scams<\/a> that received <strong>200,000 views<\/strong> on X, with multiple crypto executives publicly crediting it for helping 
them avoid being hacked.<\/li>\n<li class=\"css-0\">Identified and disclosed a homoglyph attack used by the &#8220;ELUSIVE COMET&#8221; threat group to evade Zoom&#8217;s suspicious name detection, resulting in the vulnerability being patched.<\/li>\n<li class=\"css-0\">Represented SEAL at a <strong>US Department of Treasury roundtable<\/strong> on DPRK hacker mitigations and spoke at a conference at <strong>Interpol Headquarters<\/strong> in Lyon.<\/li>\n<\/ul>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"guild-audits--security-education-in-africa-and-beyond\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"guild audits  security education in africa and beyond permalink\" href=\"#guild-audits--security-education-in-africa-and-beyond\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Guild Audits \u2013 Security Education in Africa and Beyond<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/guildaudits.com\/\">Guild Audits<\/a> ran intensive smart contract security bootcamps, training the next generation of Ethereum security researchers.<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">Bootcamp cohorts 
trained researchers across Africa, Asia, Europe, and the Americas, who went on to report <strong>110+ vulnerabilities<\/strong> across major audit contest platforms, including Sherlock, Code4rena, Codehawks, Cantina, and Immunefi, with several students ranking in the <strong>top 10<\/strong> on leaderboards.<\/li>\n<li class=\"css-0\">Students published <strong>55+ technical articles<\/strong>, proposed EIPs, replayed real-world hacks, and conducted <strong>pro-bono audits<\/strong> for open-source projects such as Coinsafe and SIR.<\/li>\n<li class=\"css-0\">On 8 November 2025, Guild Audits hosted <strong>Africa&#8217;s first Web3 Security Summit<\/strong>, bringing together security researchers, auditors, and developers from across the continent.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">The capacity-building impact of Guild Audits\u2019 smart contract security bootcamps is significant, creating a pipeline of skilled security researchers in regions that have been historically underrepresented in the Ethereum security community.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"palina-tolmach--kontrol-usable-formal-verification\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"palina tolmach  kontrol usable formal verification permalink\" href=\"#palina-tolmach--kontrol-usable-formal-verification\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path 
d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Palina Tolmach \u2013 Kontrol: Usable Formal Verification<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/palinatolmach\">Palina Tolmach<\/a> of <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/runtimeverification.com\/\">Runtime Verification<\/a> worked on improving <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/runtimeverification\/kontrol\">Kontrol<\/a>, a formal verification tool for Ethereum smart contracts, to make the tool more accessible to developers and security researchers.<\/p>\n<p class=\"chakra-text css-gi02ar\">Key Kontrol improvements delivered include:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\"><strong>Improved output clarity<\/strong> \u2013 cleaner error messages, decoded failure reasons, <span class=\"chakra-text css-ons8vw\">console.log<\/span> support in proofs, and pretty-printed path conditions, making proof results far easier to interpret.<\/li>\n<li class=\"css-0\"><strong>Counterexample generation<\/strong> \u2013 when a proof fails, Kontrol can now automatically generate a runnable Foundry test demonstrating the failure, drastically reducing the iteration time for formal verification.<\/li>\n<li class=\"css-0\"><strong>Structured symbolic storage<\/strong> \u2013 automated generation of typed storage representations via a new <span class=\"chakra-text css-ons8vw\">kontrol setup-storage<\/span> command, simplifying proof setup.<\/li>\n<li 
class=\"css-0\"><strong>Comprehensive documentation overhaul<\/strong> \u2013 created new guides for bytecode verification, dynamic types, debugging, and all supported cheatcodes.<\/li>\n<li class=\"css-0\"><strong>Lemma improvements<\/strong> \u2013 upstreamed critical lemmas to KEVM for better automated reasoning, including support for immutable variables and whitelist cheatcodes.<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">All of this work is open source at <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"http:\/\/github.com\/runtimeverification\/kontrol\">github.com\/runtimeverification\/kontrol<\/a>, improving the formal verification tooling landscape for all security researchers.<\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"ethereum-execution-client-dos-research\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"ethereum execution client dos research permalink\" href=\"#ethereum-execution-client-dos-research\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Ethereum Execution Client DoS Research<\/strong><\/h3>\n<p class=\"chakra-text css-gi02ar\">A research team developed a testing framework to systematically evaluate the robustness of Ethereum execution clients under 
message-flooding denial-of-service attacks.<\/p>\n<p class=\"chakra-text css-gi02ar\">By testing all five major execution clients (Geth, Besu, Erigon, Nethermind, and Reth), they discovered <strong>14 bugs<\/strong> across different network protocol layers. These bugs can lead to:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\"><strong>Asymmetric CPU consumption<\/strong> \u2013 where an attacker consumes far less CPU than the victim (up to 4x asymmetry in some cases).<\/li>\n<li class=\"css-0\"><strong>Denied information propagation<\/strong> \u2013 where a victim node becomes unresponsive to peer discovery or blockchain data requests (affecting Besu, Erigon, and Nethermind).<\/li>\n<li class=\"css-0\"><strong>Node crashes<\/strong> \u2013 where flooding attacks cause out-of-memory errors and crash the victim node (affecting Nethermind, Reth, and Erigon).<\/li>\n<\/ul>\n<p class=\"chakra-text css-gi02ar\">The findings highlight that no execution client is completely immune to message-flooding attacks, and further efforts are needed to develop effective countermeasures (e.g., adaptive rate-limiting). 
The testing framework and results have been shared with the Ethereum Foundation&#8217;s Protocol Security team to inform further client security research.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"other-stipend-recipients\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"other stipend recipients permalink\" href=\"#other-stipend-recipients\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Other Stipend Recipients<\/strong><\/h2>\n<p class=\"chakra-text css-gi02ar\">For brevity we could not do a full write-up on all recipient projects. 
The remaining recipients contributed across a wide range of security-related public goods:<\/p>\n<div class=\"css-ylxp7t\">\n<table class=\"chakra-table css-nz8z8i\">\n<thead class=\"css-0\">\n<tr class=\"css-0\">\n<th class=\"css-b6vxtn\">Recipient<\/th>\n<th class=\"css-b6vxtn\">Output<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"css-i54j9x\">\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Kelsie Nabben<\/strong><\/td>\n<td class=\"css-3c0snn\">Wrote <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.amazon.com\/Decentralised-digital-security-community-Inscriptions\/dp\/1526187094\">a book<\/a> based on 2.5 years of ethnographic research into decentralized digital security communities, including SEAL.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Mothra team<\/strong><\/td>\n<td class=\"css-3c0snn\">Built <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ambergroup-labs\/Mothra\">Mothra<\/a>, a Ghidra extension for EVM bytecode reverse engineering, including support for EOF decompilation. 
Published detailed technical write-ups on the development process.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/somaxbt\"><strong>SomaXBT<\/strong><\/a><\/td>\n<td class=\"css-3c0snn\">Published a four-part series on <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/paragraph.com\/@somaxbt\/\">blockchain forensics<\/a> and the crypto threat landscape, covering fund tracing, attribution techniques, and OSINT methods.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Peter Kacherginsky<\/strong><\/td>\n<td class=\"css-3c0snn\">Published <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/blockthreat.com\/\">BlockThreat<\/a>, a platform for blockchain threat intelligence that analyzes past blockchain security incidents and their root causes.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Attack Vectors<\/strong><\/td>\n<td class=\"css-3c0snn\">Built <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.attackvectors.org\/\">attackvectors.org<\/a>, an open-source, continuously updated guide covering the top attack vectors in DeFi with prevention strategies. Also contributed to SEAL&#8217;s <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/frameworks.securityalliance.org\/wallet-security\/overview\">Wallet Security Framework<\/a> and became a SEAL Steward.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Tim Fan<\/strong><\/td>\n<td class=\"css-3c0snn\">Developed <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/AgnopraxLab\/D2PFuzz\">D2PFuzz<\/a>, a DevP2P protocol fuzzing framework with differential testing across multiple execution layer clients. 
Found bugs through both single-client and cross-client testing.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/x.com\/nft_dreww\"><strong>nft_dreww<\/strong><\/a><\/td>\n<td class=\"css-3c0snn\">Published security articles, hosted educational classes through Boring Security, and completed audits on Ethereum public goods projects.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Jean-Lo\u00efc Mugnier<\/strong><\/td>\n<td class=\"css-3c0snn\">Developed a <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/IPSProtocol\/web3_tx_simulation_plugin\">Web3 transaction simulation Chrome extension<\/a> that intercepts and simulates transactions before they reach the wallet, along with simulation spoofing research.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Alexandre Melo<\/strong><\/td>\n<td class=\"css-3c0snn\">Produced <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/www.youtube.com\/@opensensepw\">security workshop videos<\/a> covering fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Ho Nhut Minh<\/strong><\/td>\n<td class=\"css-3c0snn\">Enhanced CuEVM, a GPU-accelerated EVM implementation, with multi-GPU support and a Golang library for integration with the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/crytic\/medusa\">Medusa<\/a> fuzzer. 
Benchmarked on Nvidia H100 GPUs.<\/td>\n<\/tr>\n<tr class=\"css-0\">\n<td class=\"css-3c0snn\"><strong>Sergio Garcia<\/strong><\/td>\n<td class=\"css-3c0snn\">Built the <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/t.me\/TracelonMonitoringBot\">Tracelon Monitoring Bot<\/a>, a Telegram bot for real-time block monitoring on Ethereum, Bitcoin, and Base with ERC20 balance change alerts. Also continued contributing to SEAL 911 incident response.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"looking-ahead\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"looking ahead permalink\" href=\"#looking-ahead\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Looking Ahead<\/strong><\/h2>\n<p class=\"chakra-text css-gi02ar\">The ETH Rangers Program set out to support people doing unglamorous but essential security work for Ethereum.<\/p>\n<p class=\"chakra-text css-gi02ar\">The variety of their contributions reflects the breadth of what &#8220;public goods security&#8221; means in practice. 
It&#8217;s about more than finding bugs; it\u2019s also about building tools, training people, documenting knowledge, responding to incidents, and making the ecosystem more resilient.<\/p>\n<p class=\"chakra-text css-gi02ar\">By supporting public goods security work, the program integrated new tools, research, and intelligence into the broader Ethereum ecosystem. This decentralized approach to defense provides a stronger foundation for builders and users worldwide.<\/p>\n<p class=\"chakra-text css-gi02ar\">We are grateful to all 17 stipend recipients for their contributions, and to Secureum, The Red Guild, and Security Alliance for their collaboration in running the ETH Rangers Program.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2026\/04\/16\/eth-rangers-recap\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In late 2024, the Ethereum Foundation, together with Secureum, The Red Guild, and Security Alliance (SEAL), launched the ETH Rangers Program, an initiative to provide stipends for individuals doing public goods security work in the Ethereum ecosystem. 
The goal of the program was straightforward: to fund independent efforts that enhance the resilience of the Ethereum [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":18498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-19324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/19324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=19324"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/19324\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/18498"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=19324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=19324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=19324"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=19324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}