During Devconnect Buenos Aires, the Ethereum Foundation and Secureum TrustX brought together Ethereum security practitioners for Trillion Dollar Security Day, a focused event exploring what it would take to securely support a trillion-dollar Ethereum economy.
The event brought together around eighty participants from across the Ethereum Security Ecosystem—spanning Infrastructure, Interoperability, Layer 1 & 2, Onchain, Offchain, Privacy, and Wallets—to assess the current security landscape, surface shared challenges, and identify concrete next steps across the stack.
The discussions and outputs from this event contribute to the Ethereum Foundation’s ongoing One Trillion Dollar Security (1TS) initiative.
Why a Trillion Dollar Security Day?
The Trillion Dollar Security day was designed to create focused, in-person discussions within individual layers, bringing together practitioners who work on similar parts of the stack to assess current security posture, share operational realities, and identify near-term priorities. The outcomes of these sessions were then synthesized to highlight patterns and dependencies across the broader ecosystem.
The goals of the Trillion Dollar Security gathering were to:
- Evaluate Ethereum’s security posture across the full stack, identifying gaps, challenges, and emerging risks
- Enable short-term execution by aligning ecosystem actors around actionable priorities
- Strengthen long-term security through coordination, shared standards, and ecosystem empowerment
Participants split into breakout sessions by layer, discussing what is working today, what is not, and where effort is most urgently needed.
Snapshot: Cross-Layer Observations
Across the seven layers, participants surfaced several recurring themes:
- Security is often treated as a milestone rather than a continuous process
- Trust assumptions are insufficiently communicated to users
- Critical security tooling and public goods lack sustainable funding
- Coordination and incentives—not cryptography—remain dominant risk factors
The table below captures a condensed view of key issues and immediate next steps identified during the sessions.
| Layer | Key Issues | Identified Immediate Next Steps |
|---|---|---|
| Layer 1 & 2 | Quantum risk, weak L1/L2 coordination, cloud dependence, compressed testing | Expand EPF onboarding, create L2 liaisons, improve EIP versioning & ownership |
| Wallets | Blind signing, paywalled security, low coordination | Form an Open Signing Alliance, neutral/on-chain EIP-7730 registry, wallet dashboards |
| Onchain | “Audited ≠ secure”, weak IR, OpSec failures | Fund OSS security tooling, create DeFi security visibility, promote SEAL |
| Interop | Unsafe trust assumptions, UX favors speed over safety | Interop trust ratings, clearer disclosures, improve canonical bridge UX |
| Infrastructure | Frontend hacks, RPC centralization, DNS SPOFs | Verifiable frontends, infra transparency dashboards, light-client wallets |
| Offchain | Misaligned incentives, Web2 attack-surface blind spots | Security frameworks, certifications, public-goods staffing models |
Key Themes by Layer
Full presentations for each layer can be found here.
Layer 1 & 2: Coordination Remains a Bottleneck
Ethereum’s multiclient architecture, specification-driven development, and conservative Layer 1 change process continue to provide strong security foundations. However, participants highlighted risks stemming from limited coordination between L1 and L2s, compressed testing timelines, over-reliance on cloud infrastructure, and concerns around supply-chain attacks.
Key challenges include limited community and L2 participation in All Core Devs calls, constrained client team capacity to review evolving EIPs early, and ongoing L1–L2 bridging and RPC resilience concerns.
Proposed next steps focus on expanding the Ethereum Protocol Fellowship (EPF), creating clearer L2 liaison roles, improving EIP versioning and ownership expectations, and strengthening moderation and accessibility in coordination forums.
Wallets: User Security Remains Too Opaque
Progress on signing standards such as EIP-7730 and improvements to wallet discoverability were noted as positives. At the same time, most hardware wallets still rely on blind signing, and wallet participation in shared security discussions remains limited.
Participants pointed to the competitive wallet landscape as a structural barrier to collaboration, alongside an over-reliance on the Ethereum Foundation to drive coordination.
A key proposal was the creation of an Open Signing Alliance, anchored in Ethereum’s values of openness, neutrality, and the walkaway test. Additional priorities include hosting the EIP-7730 registry in a neutral—or on-chain—context and funding wallet-focused security dashboards to improve transparency and legitimacy.
Onchain Security: Tooling and Visibility Lag Behind Risk
Onchain security continues to benefit from a growing pool of experienced security researchers, improved tooling (e.g. Foundry), and increased awareness of incident response through efforts such as SEAL911. However, security is still often treated as a checkbox, and “audited” is frequently conflated with “secure.”
Participants emphasized that most recent losses stem from operational security failures, not novel smart-contract exploits. Other challenges include increasing protocol complexity, limited invariant monitoring, and a lack of economic audits.
Immediate next steps include sustained funding for open-source security tooling (fuzzers, static and dynamic analyzers), improved visibility into DeFi security posture (a “L2BEAT-like” approach), and broader adoption of SEAL frameworks and checklists for different contract classes.
Interoperability: Trust Assumptions Must Be Explicit
Ethereum users benefit from a wide range of interoperability options and increasingly fast, low-cost UX. At the same time, participants highlighted that many interop protocols rely on poorly communicated trust assumptions, leading users to mistake “fast and cheap” for safe.
Many non-canonical bridges fail the walkaway test, and risk often persists after bridging due to wrapped assets and downstream dependencies.
Proposed actions include developing interop trust ratings that clearly specify assumptions and verification models, setting strong expectations for explicit trust disclosures by cross-chain aggregators, and improving the speed and cost of canonical bridges to reduce reliance on unsafe alternatives. A follow-up interoperability workshop was also proposed.
Privacy: UX and Infrastructure Are the Primary Constraints
There was broad agreement that privacy is increasingly seen as a normal and necessary part of Ethereum’s future, with encouraging progress in zero-knowledge research and institutional adoption. However, user experience, cost, and infrastructure limitations remain major blockers.
Key challenges include RPC-based tracking, difficulties around private data storage and recovery, a lack of builders focused on private wallet UX, and the absence of hardware support for privacy-preserving keys.
Suggested next steps include greater use of light-client data over P2P RPC, investment in private wallet UX, research into ZK-capable hardware signers, and engagement with regulators to seek clearer guidance for permissionless privacy technologies.
Infrastructure & Offchain Security: The Invisible Attack Surface
Frontend compromises, DNS hijacks, RPC centralization, and software supply-chain attacks were repeatedly cited as underappreciated risks. Participants also noted a lack of sustainable economic alignment for non-profits providing critical security public goods.
Key challenges include the false separation between “Web2” and “Web3” security, limited accountability for off-chain failures, and the tendency to trade security for speed or convenience. The inability to easily run nodes over Tor was also highlighted.
Proposed next steps include building verifiable frontend prototypes, increasing transparency around RPC and infrastructure health, advancing security frameworks and certifications, and creating structured collaboration models where private companies contribute dedicated time and resources to security public goods.
Event Reflections
Participants rated the quality of discussion and relevance of topics as excellent, highlighting the value of in-person, cross-layer exchange. The primary areas for improvement were logistical, including group size and opportunities for structured networking.
There was strong demand for future work focused on applied security standards, shared tooling, and practical “how-to” guidance for implementation.
What Comes Next
The Trillion Dollar Security gathering highlighted the value of bringing security practitioners together in person to build shared understanding and momentum. Focused, face-to-face discussions helped accelerate alignment on standards, tooling, and practical solutions in ways that are difficult to achieve through asynchronous coordination alone.
The discussions also underscored the importance of maintaining a continuously updated, shared view of Ethereum’s security posture. As the ecosystem evolves, staying ahead of emerging risks requires regularly reassessing what is working, where assumptions no longer hold, and which areas need renewed attention to support a trillion-dollar economy.
The insights from Buenos Aires will continue to inform the Ethereum Foundation’s One Trillion Dollar Security efforts, alongside ongoing work across the ecosystem. Near-term focus remains on supporting execution, enabling adoption of open and neutral security standards, and strengthening the foundations needed to keep Ethereum secure at scale.
With thanks to the security layer champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaereal, @ncsgy and @ThewizardofPOS. And @0xRajeev and @fredrik0x for hosting.
