Ethereum Blog
The Ethereum Foundation hosted a "Trillion Dollar Security Day" at Devconnect Buenos Aires, bringing together security practitioners to assess the current security landscape and identify next steps for supporting a trillion-dollar Ethereum economy.
AI 生成摘要
以太坊基金會在 Devconnect 布宜諾斯艾利斯活動中舉辦了「兆美元安全日」,匯集了安全領域的從業人員,以評估當前的安全態勢,並為支持兆美元以太坊經濟確定具體的下一步行動。
EF Blog
Categories
R&D
Research & Development
Events
Events
Org
Organizational
ESP
Ecosystem Support Program
ETH.org
Ethereum.org
Sec
Security
Protocol
Protocol Announcements
Funding
Funding Coordination
Languages
Security
During Devconnect Buenos Aires, the Ethereum Foundation and .css-vezwxf{transition-property:var(--chakra-transition-property-common);transition-duration:var(--chakra-transition-duration-fast);transition-timing-function:var(--chakra-transition-easing-ease-out);cursor:pointer;-webkit-text-decoration:none;text-decoration:none;outline:2px solid transparent;outline-offset:2px;font-family:var(--chakra-fonts-body);color:var(--chakra-colors-fg-link);display:inline;}.css-vezwxf:focus-visible,.css-vezwxf[data-focus-visible]{box-shadow:var(--chakra-shadows-outline);}.css-vezwxf:hover,.css-vezwxf[data-hover]{-webkit-text-decoration:none;text-decoration:none;box-shadow:inset 0 -8px 0 rgba(165, 234, 245, 0.5);}Secureum TrustX brought together Ethereum security practitioners for Trillion Dollar Security, a focused event exploring what it would take to securely support a trillion-dollar Ethereum economy.
The event brought together around eighty participants from across the Ethereum Security Ecosystem—spanning Infrastructure, Interoperability, Layer 1 & 2, Onchain, Offchain, Privacy, and Wallets—to assess the current security landscape, surface shared challenges, and identify concrete next steps across the stack.
The discussions and outputs from this event contribute to the Ethereum Foundation’s ongoing One Trillion Dollar Security (1TS) initiative.
The Trillion Dollar Security day was designed to create focused, in-person discussions within individual layers, bringing together practitioners who work on similar parts of the stack to assess current security posture, share operational realities, and identify near-term priorities. The outcomes of these sessions were then synthesized to highlight patterns and dependencies across the broader ecosystem.
The goals of the Trillion Dollar Security gathering were to:
Participants split into breakout sessions by layer, discussing what is working today, what is not, and where effort is most urgently needed.
Across the seven layers, participants surfaced several recurring themes:
The table below captures a condensed view of key issues and immediate next steps identified during the sessions.
Full presentations for each layer can be found here.
Ethereum’s multiclient architecture, specification-driven development, and conservative Layer 1 change process continue to provide strong security foundations. However, participants highlighted risks stemming from limited coordination between L1 and L2s, compressed testing timelines, over-reliance on cloud infrastructure, and concerns around supply-chain attacks.
Key challenges include limited community and L2 participation in All Core Devs calls, constrained client team capacity to review evolving EIPs early, and ongoing L1–L2 bridging and RPC resilience concerns.
Proposed next steps focus on expanding the Ethereum Protocol Fellowship (EPF), creating clearer L2 liaison roles, improving EIP versioning and ownership expectations, and strengthening moderation and accessibility in coordination forums.
Progress on signing standards such as EIP-7730 and improvements to wallet discoverability were noted as positives. At the same time, most hardware wallets still rely on blind signing, security features are frequently proprietary or paywalled, and wallet participation in shared security discussions remains limited.
Participants pointed to the competitive wallet landscape as a structural barrier to collaboration, alongside an over-reliance on the Ethereum Foundation to drive coordination.
A key proposal was the creation of an Open Signing Alliance, anchored in Ethereum’s values of openness, neutrality, and the walkaway test. Additional priorities include hosting the EIP-7730 registry in a neutral—or on-chain—context and funding wallet-focused security dashboards to improve transparency and legitimacy.
Onchain security continues to benefit from a growing pool of experienced security researchers, improved tooling (e.g. Foundry), and increased awareness of incident response through efforts such as SEAL911. However, security is still often treated as a checkbox, and “audited” is frequently conflated with “secure.”
Participants emphasized that most recent losses stem from operational security failures, not novel smart-contract exploits. Other challenges include increasing protocol complexity, limited invariant monitoring, and a lack of economic audits.
Immediate next steps include sustained funding for open-source security tooling (fuzzers, static and dynamic analyzers), improved visibility into DeFi security posture (a “L2BEAT-like” approach), and broader adoption of SEAL frameworks and checklists for different contract classes.
Ethereum users benefit from a wide range of interoperability options and increasingly fast, low-cost UX. At the same time, participants highlighted that many interop protocols rely on poorly communicated trust assumptions, leading users to mistake “fast and cheap” for safe.
Many non-canonical bridges fail the walkaway test, and risk often persists after bridging due to wrapped assets and downstream dependencies.
Proposed actions include developing interop trust ratings that clearly specify assumptions and verification models, setting strong expectations for explicit trust disclosures by cross-chain aggregators, and improving the speed and cost of canonical bridges to reduce reliance on unsafe alternatives. A follow-up interoperability workshop was also proposed.
There was broad agreement that privacy is increasingly seen as a normal and necessary part of Ethereum’s future, with encouraging progress in zero-knowledge research and institutional adoption. However, user experience, cost, and infrastructure limitations remain major blockers.
Key challenges include RPC-based tracking, difficulties around private data storage and recovery, a lack of builders focused on private wallet UX, and the absence of hardware support for privacy-preserving keys.
Suggested next steps include greater use of light-client data over P2P RPC, investment in private wallet UX, research into ZK-capable hardware signers, and engagement with regulators to seek clearer guidance for permissionless privacy technologies.
Frontend compromises, DNS hijacks, RPC centralization, and software supply-chain attacks were repeatedly cited as underappreciated risks. Participants also noted a lack of sustainable economic alignment for non-profits providing critical security public goods.
Key challenges include the false separation between “Web2” and “Web3” security, limited accountability for off-chain failures, and the tendency to trade security for speed or convenience. The inability to easily run nodes over Tor was also highlighted.
Proposed next steps include building verifiable frontend prototypes, increasing transparency around RPC and infrastructure health, advancing security frameworks and certifications, and creating structured collaboration models where private companies contribute dedicated time and resources to security public goods.
Participants rated the quality of discussion and relevance of topics as excellent, highlighting the value of in-person, cross-layer exchange. The primary areas for improvement were logistical, including group size and opportunities for structured networking.
There was strong demand for future work focused on applied security standards, shared tooling, and practical “how-to” guidance for implementation.
The Trillion Dollar Security gathering highlighted the value of bringing security practitioners together in person to build shared understanding and momentum. Focused, face-to-face discussions helped accelerate alignment on standards, tooling, and practical solutions in ways that are difficult to achieve through asynchronous coordination alone.
The discussions also underscored the importance of maintaining a continuously updated, shared view of Ethereum’s security posture. As the ecosystem evolves, staying ahead of emerging risks requires regularly reassessing what is working, where assumptions no longer hold, and which areas need renewed attention to support a trillion-dollar economy.
The insights from Buenos Aires will continue to inform the Ethereum Foundation’s One Trillion Dollar Security efforts, alongside ongoing work across the ecosystem. Near-term focus remains on supporting execution, enabling adoption of open and neutral security standards, and strengthening the foundations needed to keep Ethereum secure at scale.
With thanks to the security layer champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaereal, @ncsgy and @ThewizardofPOS.
Previous post
Next post
Subscribe to get email notifications about the topics you care about. Choose from research, events, security updates, and more.
Ethereum Foundation
Ethereum.org
ESP
Bug Bounty Program
Do-not-Track
Archive
Research & Development
Events
Organizational
Ecosystem Support Program
Ethereum.org
Security
Protocol Announcements
Funding Coordination