Ethereum Has a Plan to Revolutionize On-Chain Security
 |
| By Jurica Dujmovic |
With crypto’s legitimacy still a tenuous reality for many investors, talks of on-chain theft or scams can be taboo in polite society.
But bad actors exist no matter the market. And staying silent only helps them.
Which is why last week, I showed you how to build up your protection against AI-assisted scams. Those attacks — like the infamous GhostCall — give social engineering an AI boost to make you believe you’re interacting with a trusted contact.
But AI isn’t always needed to make a lie convincing. In fact, copycat websites have been around for ages. And they can trick you into believing they’re the real deal.
Over the past few years, scammers have stolen close to a billion dollars from ordinary Ethereum (ETH, “B+”) users with this method. Last year alone, more than 106,000 victims lost a combined $83.85 million this way, according to blockchain security firm ScamSniffer.
That’s a bit more than a rounding error. It’s a sign of serious rot in crypto’s security.
And for the first time, the organization that oversees Ethereum's development is treating it like one.
A New Kind of Initiative
The Ethereum Foundation — the nonprofit that funds the development of the world's second-largest blockchain — spent the first two weeks of February rolling out what it calls the Trillion Dollar Security initiative, or 1TS.
The name tells you everything about the ambition: Before serious institutional money flows into Ethereum at scale, the network needs to demonstrate it can protect it.
The initiative has three concrete pieces.
For an industry that tends to respond to theft with blog posts urging people to "be careful," this represents a meaningful shift.
One that shows how crypto is maturing.
ETH’s Vulnerabilities: The Honest Diagnosis
The first component, published on Feb. 3, is the findings — that is, the ecosystem’s real vulnerabilities — from 80 experts at a security working session in Buenos Aires.
What makes this session worth paying attention to isn't the fact that it happened — industry gatherings are common.
It's what the participants were willing to say publicly afterward.
The group concluded that the biggest risks to Ethereum aren't technical at all. Coordination failures, misaligned financial incentives and unclear accountability are the dominant threats — not the underlying cryptography.
That’s because security is treated as a box to check before a product launches, not a continuous responsibility. Users are left to navigate risks that they don't understand and weren't warned about.
That's a candid self-assessment from an ecosystem that, like most of crypto, has historically been better at celebrating its achievements than auditing its weaknesses.
And if the first step to solving a problem is recognizing you have one, this is a promising start.
The Public Security Dashboard
Not too long after the security session, the second component of 1TS — a public security dashboard — went live.
Think of this less like a press release and more like an annual report with red flags included. It organizes Ethereum's security posture across six areas …
- wallet software,
- smart contracts,
- network infrastructure,
- the core protocol,
- emergency response
- and governance.
It also tracks what protections are in place, what's still being built and what remains a known gap.
One big revelation this dashboard brings to light is in the infrastructure section.
The vast majority of Ethereum users connect to the network through third-party services called RPC providers. These are essentially middlemen between your wallet and the blockchain.
Most users have no idea these middlemen exist. So they’re unaware that a malicious or compromised RPC provider could, in theory, show them false account balances or block their transactions.
The dashboard names this explicitly and calls for infrastructure that would let users verify what they're seeing without trusting a third party.
That’s partly why the Ethereum Foundation will also launch an independent project called Walletbeat to benchmark how well popular wallets actually protect their users.
This is big, and it’s something that hasn't been done rigorously at an industry level before. It’s essentially a Consumer Reports for crypto wallets: independent testing, published scores and pressure on wallet makers to improve.
Hunting the Scammers
Finally, on Feb. 9, the Foundation announced the final piece of its initiative: It would fund a dedicated security engineer inside SEAL — a respected blockchain security group — specifically to disrupt wallet drainers targeting everyday users.
Like with Walletbeat, this is something new on the blockchain.
As I mentioned earlier, on-chain attacks typically see the same response from networks: It happens, here’s how to avoid becoming a target.
Some platforms may offer compensation or relief — as Cetus did after its hack in May 2025. But overall, the emphasis is on the victims, not the hacker.
But here, we see the Ethereum Foundation take a decisive step in a more proactive approach: funding someone to actually go after the people running the scams.
Wallet drainer operations — the fake websites and deceptive approval prompts responsible for most retail theft — function like small criminal enterprises. They have …
- developers,
- infrastructure,
- distribution channels
- and the ability to adapt when countermeasures are deployed.
SEAL's embedded engineer will track these operations, disrupt their infrastructure and prevent attacks before they reach users.
Whether a single engineer can meaningfully dent a well-resourced criminal ecosystem is the right question to ask. And the honest answer is that we don't know yet. But it's a testable approach, which is more than can be said for most of what the industry has tried.
Why This Matters for Investors
The timing of this initiative isn't accidental.
Ethereum ETFs are now trading in the U.S. And, as my colleague Beth Canova pointed out last week, ETH ETFs are still higher than they were a year ago — despite ETH and the broad market’s recent weakness.
And with Project Crypto still on the agenda for regulators, institutional asset managers are exploring tokenized versions of real-world assets. That’s bonds, real estate, private credit and more, all tradable on blockchain infrastructure.
But major financial firms don't move into new asset classes without risk frameworks they can explain to regulators and clients. And right now, "how safe is Ethereum?" doesn't have a clean answer.
There's no standardized way to evaluate wallet security. No public accountability for the companies running critical network infrastructure. And no industry-wide incident response playbook.
At least, not yet. The 1TS initiative is an attempt to start building all three.
The dashboard's structure — tracking specific protections, their current status and what still needs to be built — is designed to make Ethereum's security auditable over time.
If it works, it gives institutional buyers something they can point to.
And that could unlock serious floodgates when market conditions improve.
The Honest Caveat
The initiative is early, and launches are easy. The harder tasks come in the follow-through.
Whether the controls get built …
If wallet benchmarking produces genuinely independent results rather than participation trophies …
And whether active operations against scammers actually reduce theft at scale …
Are all still hypotheticals until 1TS can produce real results.
These are massive challenges. So, we can’t expect quick answers. Investors evaluating Ethereum's institutional trajectory should watch the 1TS dashboard over the next 12 to 18 months.
You’ll want to watch for a program that stays current and produces measurable results. The kind that gets crypto social media buzzing, even if price action doesn’t follow (as we know, good news gets ignored in a tough market).
That would be genuinely significant.
But if updates quietly fade into the background, we’ll know we’re reading a different story. And you’ll be better positioned to prepare or pivot your portfolio as a result.
Best,
Jurica Dujmovic
