Ethereum researchers responded to 36 hacks and recovered $5.8 million

  • Investigators identified nearly 100 North Korean operatives infiltrating Web3.

  • They reported or cataloged more than 785 vulnerabilities, bugs and proofs of concept in the ecosystem.

The Ethereum Foundation (EF) announced the results of the ETH Rangers program, an initiative launched at the end of 2024 together with the organizations Secureum, The Red Guild and Security Alliance (SEAL).

The program funded 17 independent researchers to conduct security work in the Ethereum ecosystem for six months. The results included USD 5.8 million in recovered funds after an attack, 36 responses to other incidents, more than 785 vulnerabilities reported or cataloged and approximately 100 state operations identified.

The EF described the results as a demonstration that “securing a decentralized network requires a decentralized defense,” pointing out that the researchers not only found vulnerabilities but also built tools, trained developers and responded to incidents in real time.

The most relevant cases

Researcher Nick Bax was involved in the response to the Loopscale protocol exploit, an incident in which attackers drained funds from the platform and which ended with the return of USD 5.8 million after the intervention of the SEAL 911 team, a group that responds to security incidents in the cryptocurrency ecosystem.

Bax also identified and alerted more than 30 projects that had unknowingly hired tech workers linked to the North Korean government, who infiltrate crypto asset companies under false identities to steal funds or information.

Along the same lines, the Ketman project within the EF program was dedicated exclusively to detecting and expelling these North Korean operatives from Web3 organizations. During the six months of the program, it identified approximately 100 cases in different projects, making it one of the most significant findings of the program given the scope of that threat in the ecosystem.

Vulnerabilities in Ethereum clients

A program team evaluated the five main programs that Ethereum nodes run to participate in the network (Geth, Besu, Erigon, Nethermind and Reth) and found 14 flaws that an attacker could use to overload or crash those nodes by flooding them with messages. According to the EF report, none of the five clients was completely immune to this type of attack.

The DeFiHackLabs team built a DeFi incident exploration platform with over 620 documented proofs of concept and hosted university workshops and security competitions with over 800 participating teams.
