ETH Rangers Program Recap

5 days ago

In late 2024, the Ethereum Foundation, together with Secureum, The Red Guild, and Security Alliance (SEAL), launched the ETH Rangers Program, an initiative to provide stipends for individuals doing public goods security work in the Ethereum ecosystem.

The goal of the program was straightforward: to fund independent efforts that enhance the resilience of the Ethereum ecosystem, and to recognize people with demonstrated track records of meaningful contributions to important security work that benefits Ethereum as a whole.

Now that the six-month ETH Rangers Program has wrapped up, we want to share the outcomes of the 17 stipend recipients' work. The breadth of their output is impressive, from vulnerability research and security tooling, to education, threat intelligence, and incident response.

Across recipient initiatives, consolidated outcomes include:

  • Over 5.8 million dollars in funds recovered or frozen
  • Over 785 vulnerabilities, client bugs, and proofs of concept reported or cataloged
  • Approximately 100 state-sponsored operatives identified across more than teams
  • Over 209,000 views and users reached with threat awareness and investigative content
  • 800+ teams engaged in sponsored security challenges and investigations
  • Over 80 workshops, talks, and technical or educational resources delivered
  • 36+ incident responses handled
  • 7+ open source tooling repositories, frameworks, and implementations developed or improved

These ETH Rangers Program results show the reality that securing a decentralized network requires a decentralized defense.

From protocol-level vulnerability research to global developer education, these independent researchers built infrastructure that will multiply security effects across the entire ecosystem.

Project Highlights

SunSec – DeFiHackLabs

SunSec, with the DeFiHackLabs community, delivered an extraordinary volume of security education and tooling work. Over the stipend period, DeFiHackLabs:

  • Built an Incident Explorer platform for searching and analysing DeFi incidents with proof-of-concept (PoC) exploits and root cause analysis, covering 620+ PoCs to date.
  • Ran a PoC Summer Contest that received 43 new proof-of-concept submissions from the community.
  • Delivered six workshop sessions at Korea University covering smart contract bug classes, auditing, and attack case analysis.
  • Partnered with HITCON CTF (717 participating teams) to create a Web3 security challenge.
  • Had seven talks selected at COSCUP 2025, covering topics from phishing to formal verification.
  • Ran CTF training sessions, writing campaigns, a Web3 Security Club, and a talent referral program to connect white hats with employment opportunities.

The sheer scale of community activation here is notable. DeFiHackLabs operates as a multiplier, turning one stipend into educational output that reaches hundreds of security researchers.

Ketman Project – DPRK IT Worker Investigations

One recipient used their stipend to build and scale the Ketman Project, focused on discovering and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under fake identities.

Over the stipend period, they:

  • Reached out to approximately 53 projects and identified around 100 different DPRK IT workers operating within Web3 organizations.
  • Published investigative articles on ketman.org that reached over 3,300 active users and 6,200 page views, covering topics such as account takeover tactics, freelance platform infiltration, and DPRK-Russia connections.
  • Developed and open-sourced gh-fake-analyzer, a GitHub profile analysis tool for detecting suspicious activity patterns, now available on PyPI.
  • Co-authored the DPRK IT Workers Framework with SEAL, which has become a standard reference document for the industry.
  • Contributed data to the Lazarus.group threat intelligence project, with their work featured in a presentation at DEF CON.

This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today.

Nick Bax – Incident Response and Threat Intelligence

Nick Bax contributed across multiple fronts, primarily through SEAL 911 incident response, DPRK threat mitigation, and public awareness.

  • Contributed to over 36 SEAL 911 tickets, including assisting with the Loopscale exploit incident response that resulted in the return of $5.8M.
  • As part of a team, identified and notified 30+ teams that they were employing DPRK IT workers, and coordinated the freezing of mid-six-figures of funds received by those workers.
  • Created an awareness video about DPRK "Fake VC" scams that received 200,000 views on X, with multiple crypto executives publicly crediting it for helping them avoid being hacked.
  • Identified and disclosed a homoglyph attack used by the "ELUSIVE COMET" threat group to evade Zoom's suspicious name detection, resulting in the vulnerability being patched.
  • Represented SEAL at a US Department of Treasury roundtable on DPRK hacker mitigations and spoke at a conference at Interpol Headquarters in Lyon.

Guild Audits – Security Education in Africa and Beyond

Guild Audits ran intensive smart contract security bootcamps, training the next generation of Ethereum security researchers.

  • Bootcamp cohorts trained researchers across Africa, Asia, Europe, and the Americas, who went on to report 110+ vulnerabilities across major audit contest platforms, including Sherlock, Code4rena, Codehawks, Cantina, and Immunefi, with several students ranking in the top 10 on leaderboards.
  • Students published 55+ technical articles, proposed EIPs, replayed real-world hacks, and conducted pro-bono audits for open-source projects such as Coinsafe and SIR.
  • On 8 November 2025, Guild Audits hosted Africa's first Web3 Security Summit, bringing together security researchers, auditors, and developers from across the continent.

The capacity-building impact of Guild Audits' smart contract security bootcamps is significant, creating a pipeline of skilled security researchers in regions that have been historically underrepresented in the Ethereum security community.

Palina Tolmach – Kontrol: Usable Formal Verification

Palina Tolmach of Runtime Verification worked on improving Kontrol, a formal verification tool for Ethereum smart contracts, to make the tool more accessible to developers and security researchers.

Key Kontrol improvements delivered include:

  • Improved output clarity – cleaner error messages, decoded failure reasons, console.log support in proofs, and pretty-printed path conditions, making proof results far easier to interpret.
  • Counterexample generation – when a proof fails, Kontrol can now automatically generate a runnable Foundry test demonstrating the failure, drastically reducing the iteration time for formal verification.
  • Structured symbolic storage – automated generation of typed storage representations via a new kontrol setup-storage command, simplifying proof setup.
  • Comprehensive documentation overhaul – created new guides for bytecode verification, dynamic types, debugging, and all supported cheatcodes.
  • Lemma improvements – upstreamed critical lemmas to KEVM for better automated reasoning, including support for immutable variables and whitelist cheatcodes.

All of this work is open source at github.com/runtimeverification/kontrol, improving the formal verification tooling landscape for all security researchers.

Ethereum Execution Client DoS Research

A research team developed a testing framework to systematically evaluate the robustness of Ethereum execution clients under message-flooding denial-of-service attacks.

By testing all five major execution clients (Geth, Besu, Erigon, Nethermind, and Reth) they discovered 14 bugs across different network protocol layers. These bugs can lead to:

  • Asymmetric CPU consumption – where an attacker consumes far less CPU than the victim (up to 4x asymmetry in some cases).
  • Denied information propagation – where a victim node becomes unresponsive to peer discovery or blockchain data requests (affecting Besu, Erigon, and Nethermind).
  • Node crashes – where flooding attacks cause out-of-memory errors and crash the victim node (affecting Nethermind, Reth, and Erigon).

The findings highlight that no execution client is completely immune to message-flooding attacks, and further efforts are needed to develop effective countermeasures (e.g., adaptive rate-limiting). The testing framework and results have been shared with the Ethereum Foundation's Protocol Security team to inform further client security research.

Other Stipend Recipients

For brevity we could not do a full write-up on all recipient projects. The remaining recipients contributed across a wide range of security-related public goods:

Recipient | Output
Kelsie Nabben | Wrote a book based on 2.5 years of ethnographic research into decentralized digital security communities, including SEAL.
Mothra team | Built Mothra, a Ghidra extension for EVM bytecode reverse engineering, including support for EOF decompilation. Published detailed technical write-ups on the development process.
SomaXBT | Published a four-part series on blockchain forensics and the crypto threat landscape, covering fund tracing, attribution techniques, and OSINT methods.
Peter Kacherginsky | Published BlockThreat, a platform for blockchain threat intelligence that analyzes past blockchain security incidents and their root causes.
Attack Vectors | Built attackvectors.org, an open-source, continuously updated guide covering the top attack vectors in DeFi with prevention strategies. Also contributed to SEAL's Wallet Security Framework and became a SEAL Steward.
Tim Fan | Developed D2PFuzz, a DevP2P protocol fuzzing framework with differential testing across multiple execution layer clients. Found bugs through both single-client and cross-client testing.
nft_dreww | Published security articles, hosted educational classes through Boring Security, and completed audits on Ethereum public goods projects.
Jean-Loïc Mugnier | Developed a Web3 transaction simulation Chrome extension that intercepts and simulates transactions before they reach the wallet, along with simulation spoofing research.
Alexandre Melo | Produced security workshop videos covering fuzzing, smart accounts, AI-driven auditing, Solana security, and zero-knowledge proofs.
Ho Nhut Minh | Enhanced CuEVM, a GPU-accelerated EVM implementation, with multi-GPU support and a Golang library for integration with the Medusa fuzzer. Benchmarked on Nvidia H100 GPUs.
Sergio Garcia | Built the Tracelon Monitoring Bot, a Telegram bot for real-time block monitoring on Ethereum, Bitcoin, and Base with ERC20 balance change alerts. Also continued contributing to SEAL 911 incident response.

Looking Ahead

The ETH Rangers Program set out to support people doing unglamorous but essential security work for Ethereum.

The variety of their contributions reflects the breadth of what "public goods security" means in practice. It's about more than finding bugs; it's also about building tools, training people, documenting knowledge, responding to incidents, and making the ecosystem more resilient.

By supporting public goods security work, the program integrated new tools, research, and intelligence into the broader Ethereum ecosystem. This decentralized approach to defense provides a stronger foundation for builders and users worldwide.

We are grateful to all 17 stipend recipients for their contributions, and to Secureum, The Red Guild, and Security Alliance for their collaboration in running the ETH Rangers Program.
