TL;DR
- Ethereum Foundation said the six-month ETH Rangers Program backed 17 recipients and ended with more than $5.8 million recovered or frozen and 785+ vulnerabilities reported.
- The initiative also reached 209,000+ users, engaged 800+ teams, delivered 80+ workshops and resources, and handled 36+ incident responses.
- Examples included DPRK worker investigations, Loopscale incident support, open-source tools, and community security education across Ethereum through a decentralized public-goods security framework overall.
Ethereum Foundation has published the closing recap of the ETH Rangers Program, drawing a line under a security effort that tried to fund the kind of work most ecosystems depend on but rarely celebrate. The final report argues that Ethereum’s resilience is being built not only through code, but through a distributed layer of researchers, responders, investigators, and educators. Launched in late 2024 with Secureum, The Red Guild, and Security Alliance, the six-month initiative backed 17 stipend recipients focused on public-goods security work across the Ethereum ecosystem.
The report’s numbers make that case hard to dismiss. Across the program, recipients recovered or froze more than $5.8 million, reported or cataloged over 785 vulnerabilities, and identified around 100 state-sponsored operatives working under false identities. Ethereum Foundation also said the effort reached more than 209,000 users with threat-awareness content, engaged over 800 teams in sponsored security challenges and investigations, delivered more than 80 workshops and technical resources, and handled 36+ incident responses. Together, those metrics suggest a program aimed less at isolated heroics than at building repeatable security capacity across Ethereum.
Public-Goods Security Moved From Theory to Practice
Some of the most striking examples came from projects that operated far from the usual audit narrative. One ETH Rangers recipient used the stipend to scale the Ketman Project, which contacted about 53 projects and identified roughly 100 DPRK IT workers embedded in Web3 organizations. The same work helped produce open-source detection tools and a framework that has become a reference point for the industry. Elsewhere, Nick Bax contributed across SEAL 911 incident response, helped with the Loopscale exploit response that resulted in the return of $5.8 million, and supported warnings to more than 30 teams employing DPRK workers.
The broader takeaway is that security work cannot be reduced to finding bugs before launch. Ethereum is framing this initiative as proof that incident response, intelligence gathering, education, tooling, and community training are all part of the same defensive surface. The Foundation said the program produced or improved more than seven open-source repositories, frameworks, and implementations, while recipient contributions ranged from reverse-engineering tools to workshops on fuzzing, smart accounts, AI-driven auditing, and zero-knowledge proofs. For Ethereum, the final report is less a victory lap than a case for decentralized defense as permanent infrastructure.
