TL;DR
- The Ethereum Foundation warned that cross-chain features and AI-generated code are currently the main vulnerability hotspots on the network.
- Cross-chain bridges, and L2 networks that rely on semi-centralized verification, can be exploited through fabricated balances or malicious contract upgrades.
- New smart accounts and the lack of a formal incident response process leave Ethereum exposed to growing risks.
The Ethereum Foundation released its first security report under the Trillion Dollar Security program, an initiative aimed at identifying and reducing risks that threaten the assets moving across the network. The document highlights that cross-chain functions and the use of AI-generated or refactored code have become critical vulnerability points.
According to the report, cross-chain bridges remain among the ecosystem's weakest components. Moving assets and messages between networks introduces failure points that have been exploited repeatedly. On top of that, the added complexity of Layer 2 chains, where multi-hop bridges and semi-centralized verification systems are common, creates further openings for balance manipulation and malicious contract upgrades.
Ethereum Closely Monitors New Smart Accounts
Another issue flagged in the report is the risk tied to Ethereum's new smart accounts, which let an account delegate full control over itself and its assets simply by signing an authorization. A malicious app that tricks a user into producing such a signature can covertly obtain full permissions over the account. Additionally, the growing use of AI-generated or automatically refactored code introduces flaws that are hard to detect, creating openings for exploits in contracts presumed to be secure.
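The delegation-by-signature risk above is easier to reason about with a concrete wallet-side check. The following is an added example, not code from the report or from the Ethereum Foundation. It assumes that the "smart accounts" in question are EIP-7702 delegations, where the signed authorization carries (chain_id, address, nonce) and a delegated account's code is the 23-byte designator 0xef0100 followed by the delegate address; the allowlist, the delegate addresses and the expected nonce are constructed for illustration.

```python
"""Wallet-side policy review of an EIP-7702 style delegation authorization.

Added example, not part of the original article or the Ethereum Foundation
report. Assumes the EIP-7702 authorization shape (chain_id, address, nonce,
y_parity, r, s) and the 0xef0100 || address delegation designator; the
allowlist and sample addresses below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator
ZERO_ADDRESS = "0x" + "00" * 20              # delegating here clears a delegation


@dataclass(frozen=True)
class Authorization:
    """The signed portion of an authorization tuple (signature fields omitted)."""
    chain_id: int
    address: str   # delegate contract, 0x-prefixed 20-byte hex
    nonce: int


def delegated_to(code: bytes) -> Optional[str]:
    """Return the delegate address if `code` is a delegation designator, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def review_authorization(auth: Authorization, wallet_chain_id: int,
                         expected_nonce: int, allowlist: List[str]) -> List[str]:
    """Return policy findings for an authorization a dapp asks the user to sign.

    An empty list means the request passes the wallet's policy. `expected_nonce`
    is the nonce the wallet expects the authorization to be applied at (assumed
    to be supplied by the wallet's own nonce tracking).
    """
    findings = []
    delegate = auth.address.lower()
    allowed = {a.lower() for a in allowlist}

    # chain_id 0 is valid on every chain, so the same signature can be replayed
    # on any network where the user holds the same account.
    if auth.chain_id == 0:
        findings.append("chain_id 0 makes the authorization replayable on every chain")
    elif auth.chain_id != wallet_chain_id:
        findings.append(f"authorization targets chain {auth.chain_id}, "
                        f"wallet is on chain {wallet_chain_id}")

    if auth.nonce != expected_nonce:
        findings.append(f"nonce {auth.nonce} does not match expected nonce {expected_nonce}")

    # Delegating to the zero address revokes an existing delegation; any other
    # target hands the delegate full control of the account and its assets.
    if delegate != ZERO_ADDRESS and delegate not in allowed:
        findings.append(f"delegate {auth.address} is not on the wallet's allowlist")

    return findings


# Constructed sample data for a quick demonstration.
TRUSTED_DELEGATE = "0x" + "11" * 20
UNKNOWN_DELEGATE = "0x" + "22" * 20
ALLOWLIST = [TRUSTED_DELEGATE]

if __name__ == "__main__":
    legit = Authorization(chain_id=1, address=TRUSTED_DELEGATE, nonce=7)
    phish = Authorization(chain_id=0, address=UNKNOWN_DELEGATE, nonce=7)
    print("legit:", review_authorization(legit, 1, 7, ALLOWLIST))
    print("phish:", review_authorization(phish, 1, 7, ALLOWLIST))
    print("delegated to:", delegated_to(DELEGATION_PREFIX + bytes.fromhex("11" * 20)))
```

The two findings on the phishing-style request (wildcard chain id and an unknown delegate) are exactly what a user cannot see in a raw signature prompt, which is why the check belongs in the wallet rather than in the dapp. `delegated_to` is the complementary monitoring side: scanning an account's code for the designator prefix tells you whether a delegation is already in place and to whom.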
Lack of Effective Incident Response
The Ethereum Foundation also raised concerns about the current state of incident response. Detection of hacks and vulnerabilities still relies heavily on independent researchers and informal groups, which delays containment once an attack is under way. The report therefore recommends setting up a formal coordination system to improve reaction times and limit damage, and suggests developing insurance mechanisms to cover losses in affected projects.
The report further examines the risks surrounding staking, both in liquid staking protocols and on the main chain. Concentrating large amounts of ETH in the hands of a few entities and validators enables collusion and practices such as extracting value through transaction ordering (MEV). This trend threatens the decentralization of consensus, especially as new validators enter the network by staking large sums.