Throughout Devconnect Buenos Aires, the Ethereum Basis and Secureum TrustX introduced collectively Ethereum safety practitioners for Trillion Greenback Safety Day, a centered occasion exploring what it could take to securely help a trillion-dollar Ethereum economic system.
The occasion introduced collectively round eighty individuals from throughout the Ethereum Safety Ecosystem—spanning Infrastructure, Interoperability, Layer 1 & 2, Onchain, Offchain, Privateness, and Wallets—to evaluate the present safety panorama, floor shared challenges, and establish concrete subsequent steps throughout the stack.
The discussions and outputs from this occasion contribute to the Ethereum Basis’s ongoing One Trillion Greenback Safety (1TS) initiative.
Why a Trillion Greenback Safety Day?
The Trillion Greenback Safety day was designed to create centered, in-person discussions inside particular person layers, bringing collectively practitioners who work on comparable components of the stack to evaluate present safety posture, share operational realities, and establish near-term priorities. The outcomes of those classes have been then synthesized to spotlight patterns and dependencies throughout the broader ecosystem.
The targets of the Trillion Greenback Safety gathering have been to:
- Consider Ethereum’s safety posture throughout the total stack, figuring out gaps, challenges, and rising dangers
- Allow short-term execution by aligning ecosystem actors round actionable priorities
- Strengthen long-term safety via coordination, shared requirements, and ecosystem empowerment
Members cut up into breakout classes by layer, discussing what’s working at the moment, what will not be, and the place effort is most urgently wanted.
Snapshot: Cross-Layer Observations
Throughout the seven layers, individuals surfaced a number of recurring themes:
- Safety is usually handled as a milestone fairly than a steady course of
- Belief assumptions are insufficiently communicated to customers
- Important safety tooling and public items lack sustainable funding
- Coordination and incentives—not cryptography—stay dominant danger elements
The desk under captures a condensed view of key points and fast subsequent steps recognized in the course of the classes.
| Layer | Key Points | Recognized Speedy Subsequent Steps |
|---|---|---|
| Layer 1 & 2 | Quantum danger, weak L1/L2 coordination, cloud dependence, compressed testing | Broaden EPF onboarding, create L2 liaisons, enhance EIP versioning & possession |
| Wallets | Blind signing, paywalled safety, low coordination | Kind an Open Signing Alliance, impartial/on-chain EIP-7730 registry, pockets dashboards |
| Onchain | “Audited ≠ safe”, weak IR, OpSec failures | Fund OSS safety tooling, create DeFi safety visibility, promote SEAL |
| Interop | Unsafe belief assumptions, UX favors pace over security | Interop belief scores, clearer disclosures, enhance canonical bridge UX |
| Infrastructure | Frontend hacks, RPC centralization, DNS SPOFs | Verifiable frontends, infra transparency dashboards, light-client wallets |
| Offchain | Misaligned incentives, Web2 attack-surface blind spots | Safety frameworks, certifications, public-goods staffing fashions |
Key Themes by Layer
Full shows for every layer might be discovered right here.
Layer 1 & 2: Coordination Stays a Bottleneck
Ethereum’s multiclient structure, specification-driven improvement, and conservative Layer 1 change course of proceed to supply sturdy safety foundations. Nonetheless, individuals highlighted dangers stemming from restricted coordination between L1 and L2s, compressed testing timelines, over-reliance on cloud infrastructure, and issues round supply-chain assaults.
Key challenges embrace restricted group and L2 participation in All Core Devs calls, constrained consumer group capability to evaluate evolving EIPs early, and ongoing L1–L2 bridging and RPC resilience issues.
Proposed subsequent steps give attention to increasing the Ethereum Protocol Fellowship (EPF), creating clearer L2 liaison roles, enhancing EIP versioning and possession expectations, and strengthening moderation and accessibility in coordination boards.
Wallets: Consumer Safety Stays Too Opaque
Progress on signing requirements akin to EIP-7730 and enhancements to pockets discoverability have been famous as positives. On the similar time, most {hardware} wallets nonetheless depend on blind signing, and pockets participation in shared safety discussions stays restricted.
Members pointed to the aggressive pockets panorama as a structural barrier to collaboration, alongside an over-reliance on the Ethereum Basis to drive coordination.
A key proposal was the creation of an Open Signing Alliance, anchored in Ethereum’s values of openness, neutrality, and the walkaway take a look at. Further priorities embrace internet hosting the EIP-7730 registry in a impartial—or on-chain—context and funding wallet-focused safety dashboards to enhance transparency and legitimacy.
Onchain Safety: Tooling and Visibility Lag Behind Danger
Onchain safety continues to learn from a rising pool of skilled safety researchers, improved tooling (e.g. Foundry), and elevated consciousness of incident response via efforts akin to SEAL911. Nonetheless, safety remains to be usually handled as a checkbox, and “audited” is continuously conflated with “safe.”
Members emphasised that almost all latest losses stem from operational safety failures, not novel smart-contract exploits. Different challenges embrace rising protocol complexity, restricted invariant monitoring, and a scarcity of financial audits.
Speedy subsequent steps embrace sustained funding for open-source safety tooling (fuzzers, static and dynamic analyzers), improved visibility into DeFi safety posture (a “L2BEAT-like” strategy), and broader adoption of SEAL frameworks and checklists for various contract lessons.
Interoperability: Belief Assumptions Should Be Express
Ethereum customers profit from a variety of interoperability choices and more and more quick, low-cost UX. On the similar time, individuals highlighted that many interop protocols depend on poorly communicated belief assumptions, main customers to mistake “quick and low-cost” for secure.
Many non-canonical bridges fail the walkaway take a look at, and danger usually persists after bridging as a consequence of wrapped belongings and downstream dependencies.
Proposed actions embrace creating interop belief scores that clearly specify assumptions and verification fashions, setting sturdy expectations for express belief disclosures by cross-chain aggregators, and enhancing the pace and price of canonical bridges to scale back reliance on unsafe alternate options. A follow-up interoperability workshop was additionally proposed.
Privateness: UX and Infrastructure Are the Major Constraints
There was broad settlement that privateness is more and more seen as a standard and essential a part of Ethereum’s future, with encouraging progress in zero-knowledge analysis and institutional adoption. Nonetheless, consumer expertise, price, and infrastructure limitations stay main blockers.
Key challenges embrace RPC-based monitoring, difficulties round non-public information storage and restoration, a scarcity of builders centered on non-public pockets UX, and the absence of {hardware} help for privacy-preserving keys.
Steered subsequent steps embrace better use of light-client information over P2P RPC, funding in non-public pockets UX, analysis into ZK-capable {hardware} signers, and engagement with regulators to hunt clearer steering for permissionless privateness applied sciences.
Infrastructure & Offchain Safety: The Invisible Assault Floor
Frontend compromises, DNS hijacks, RPC centralization, and software program supply-chain assaults have been repeatedly cited as underappreciated dangers. Members additionally famous a scarcity of sustainable financial alignment for non-profits offering essential safety public items.
Key challenges embrace the false separation between “Web2” and “Web3” safety, restricted accountability for off-chain failures, and the tendency to commerce safety for pace or comfort. The shortcoming to simply run nodes over Tor was additionally highlighted.
Proposed subsequent steps embrace constructing verifiable frontend prototypes, rising transparency round RPC and infrastructure well being, advancing safety frameworks and certifications, and creating structured collaboration fashions the place non-public firms contribute devoted time and assets to safety public items.
Occasion Reflections
Members rated the standard of dialogue and relevance of matters as glorious, highlighting the worth of in-person, cross-layer trade. The first areas for enchancment have been logistical, together with group measurement and alternatives for structured networking.
There was sturdy demand for future work centered on utilized safety requirements, shared tooling, and sensible “how-to” steering for implementation.
What Comes Subsequent
The Trillion Greenback Safety gathering highlighted the worth of bringing safety practitioners collectively in particular person to construct shared understanding and momentum. Targeted, face-to-face discussions helped speed up alignment on requirements, tooling, and sensible options in methods which can be troublesome to realize via asynchronous coordination alone.
The discussions additionally underscored the significance of sustaining a repeatedly up to date, shared view of Ethereum’s safety posture. Because the ecosystem evolves, staying forward of rising dangers requires usually reassessing what’s working, the place assumptions not maintain, and which areas want renewed consideration to help a trillion-dollar economic system.
The insights from Buenos Aires will proceed to tell the Ethereum Basis’s One Trillion Greenback Safety efforts, alongside ongoing work throughout the ecosystem. Close to-term focus stays on supporting execution, enabling adoption of open and impartial safety requirements, and strengthening the foundations wanted to maintain Ethereum safe at scale.
With due to the safety layer champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaereal, @ncsgy and @ThewizardofPOS. And @0xRajeev and @fredrik0x for internet hosting.
