Trillion Dollar Security Day at Devconnect

During Devconnect Buenos Aires, the Ethereum Foundation and Secureum TrustX brought unneurotic Ethereum information practitioners for Trillion Dollar Security, a focused lawsuit exploring what it would instrumentality to securely enactment a trillion-dollar Ethereum economy.

The lawsuit brought unneurotic astir eighty participants from crossed the Ethereum Security Ecosystem—spanning Infrastructure, Interoperability, Layer 1 & 2, Onchain, Offchain, Privacy, and Wallets—to measure the existent information landscape, aboveground shared challenges, and place factual adjacent steps crossed the stack.

The discussions and outputs from this lawsuit lend to the Ethereum Foundation’s ongoing One Trillion Dollar Security (1TS) initiative.

Why a Trillion Dollar Security Day?

The Trillion Dollar Security time was designed to make focused, in-person discussions wrong idiosyncratic layers, bringing unneurotic practitioners who enactment connected akin parts of the stack to measure existent information posture, stock operational realities, and place near-term priorities. The outcomes of these sessions were past synthesized to item patterns and dependencies crossed the broader ecosystem.

The goals of the Trillion Dollar Security gathering were to:

• Evaluate Ethereum’s information posture crossed the afloat stack, identifying gaps, challenges, and emerging risks
• Enable short-term execution by aligning ecosystem actors astir actionable priorities
• Strengthen semipermanent security done coordination, shared standards, and ecosystem empowerment

Participants divided into breakout sessions by layer, discussing what is moving today, what is not, and wherever effort is astir urgently needed.

Snapshot: Cross-Layer Observations

Across the 7 layers, participants surfaced respective recurring themes:

• Security is often treated arsenic a milestone alternatively than a continuous process
• Trust assumptions are insufficiently communicated to users
• Critical information tooling and nationalist goods deficiency sustainable funding
• Coordination and incentives—not cryptography—remain ascendant hazard factors

The array beneath captures a condensed presumption of cardinal issues and contiguous adjacent steps identified during the sessions.

Key Themes by Layer

Full presentations for each furniture tin beryllium recovered here.

Layer 1 & 2: Coordination Remains a Bottleneck

Ethereum’s multiclient architecture, specification-driven development, and blimpish Layer 1 alteration process proceed to supply beardown information foundations. However, participants highlighted risks stemming from constricted coordination betwixt L1 and L2s, compressed investigating timelines, over-reliance connected unreality infrastructure, and concerns astir supply-chain attacks.

Key challenges see constricted assemblage and L2 information successful All Core Devs calls, constrained lawsuit squad capableness to reappraisal evolving EIPs early, and ongoing L1–L2 bridging and RPC resilience concerns.

Proposed adjacent steps absorption connected expanding the Ethereum Protocol Fellowship (EPF), creating clearer L2 liaison roles, improving EIP versioning and ownership expectations, and strengthening moderation and accessibility successful coordination forums.

Wallets: User Security Remains Too Opaque

Progress connected signing standards specified arsenic EIP-7730 and improvements to wallet discoverability were noted arsenic positives. At the aforesaid time, astir hardware wallets inactive trust connected unsighted signing, information features are often proprietary oregon paywalled, and wallet information successful shared information discussions remains limited.

Participants pointed to the competitory wallet scenery arsenic a structural obstruction to collaboration, alongside an over-reliance connected the Ethereum Foundation to thrust coordination.

A cardinal connection was the instauration of an Open Signing Alliance, anchored successful Ethereum’s values of openness, neutrality, and the walkaway test. Additional priorities see hosting the EIP-7730 registry successful a neutral—or on-chain—context and backing wallet-focused information dashboards to amended transparency and legitimacy.

Onchain Security: Tooling and Visibility Lag Behind Risk

Onchain information continues to payment from a increasing excavation of experienced information researchers, improved tooling (e.g. Foundry), and accrued consciousness of incidental effect done efforts specified arsenic SEAL911. However, information is inactive often treated arsenic a checkbox, and “audited” is often conflated with “secure.”

Participants emphasized that astir caller losses stem from operational information failures, not caller smart-contract exploits. Other challenges see expanding protocol complexity, constricted invariant monitoring, and a deficiency of economical audits.

Immediate adjacent steps see sustained backing for open-source information tooling (fuzzers, static and dynamic analyzers), improved visibility into DeFi information posture (a “L2BEAT-like” approach), and broader adoption of SEAL frameworks and checklists for antithetic declaration classes.

Interoperability: Trust Assumptions Must Be Explicit

Ethereum users payment from a wide scope of interoperability options and progressively fast, low-cost UX. At the aforesaid time, participants highlighted that galore interop protocols trust connected poorly communicated spot assumptions, starring users to mistake “fast and cheap” for safe.

Many non-canonical bridges neglect the walkaway test, and hazard often persists aft bridging owed to wrapped assets and downstream dependencies.

Proposed actions see processing interop spot ratings that intelligibly specify assumptions and verification models, mounting beardown expectations for explicit spot disclosures by cross-chain aggregators, and improving the velocity and outgo of canonical bridges to trim reliance connected unsafe alternatives. A follow-up interoperability store was besides proposed.

Privacy: UX and Infrastructure Are the Primary Constraints

There was wide statement that privateness is progressively seen arsenic a mean and indispensable portion of Ethereum’s future, with encouraging advancement successful zero-knowledge probe and organization adoption. However, idiosyncratic experience, cost, and infrastructure limitations stay large blockers.

Key challenges see RPC-based tracking, difficulties astir backstage information retention and recovery, a deficiency of builders focused connected backstage wallet UX, and the lack of hardware enactment for privacy-preserving keys.

Suggested adjacent steps see greater usage of light-client information implicit P2P RPC, concern successful backstage wallet UX, probe into ZK-capable hardware signers, and engagement with regulators to question clearer guidance for permissionless privateness technologies.

Infrastructure & Offchain Security: The Invisible Attack Surface

Frontend compromises, DNS hijacks, RPC centralization, and bundle supply-chain attacks were repeatedly cited arsenic underappreciated risks. Participants besides noted a deficiency of sustainable economical alignment for non-profits providing captious information nationalist goods.

Key challenges see the mendacious separation betwixt “Web2” and “Web3” security, constricted accountability for off-chain failures, and the inclination to commercialized information for velocity oregon convenience. The inability to easy tally nodes implicit Tor was besides highlighted.

Proposed adjacent steps see gathering verifiable frontend prototypes, expanding transparency astir RPC and infrastructure health, advancing information frameworks and certifications, and creating structured collaboration models wherever backstage companies lend dedicated clip and resources to information nationalist goods.

Event Reflections

Participants rated the prime of treatment and relevance of topics arsenic excellent, highlighting the worth of in-person, cross-layer exchange. The superior areas for betterment were logistical, including radical size and opportunities for structured networking.

There was beardown request for aboriginal enactment focused connected applied information standards, shared tooling, and applicable “how-to” guidance for implementation.

What Comes Next

The Trillion Dollar Security gathering highlighted the worth of bringing information practitioners unneurotic successful idiosyncratic to physique shared knowing and momentum. Focused, face-to-face discussions helped accelerate alignment connected standards, tooling, and applicable solutions successful ways that are hard to execute done asynchronous coordination alone.

The discussions besides underscored the value of maintaining a continuously updated, shared presumption of Ethereum’s information posture. As the ecosystem evolves, staying up of emerging risks requires regularly reassessing what is working, wherever assumptions nary longer hold, and which areas request renewed attraction to enactment a trillion-dollar economy.

The insights from Buenos Aires volition proceed to pass the Ethereum Foundation’s One Trillion Dollar Security efforts, alongside ongoing enactment crossed the ecosystem. Near-term absorption remains connected supporting execution, enabling adoption of unfastened and neutral information standards, and strengthening the foundations needed to support Ethereum unafraid astatine scale.

With acknowledgment to the information furniture champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaereal, @ncsgy and @ThewizardofPOS.