During Devconnect Buenos Aires, the Ethereum Foundation and Secureum TrustX hosted Trillion Dollar Security Day, a focused event that brought together Ethereum security experts to explore what it takes to securely support the $1 trillion Ethereum economy.
The event gathered approximately 80 participants from across the Ethereum security ecosystem, spanning infrastructure, interoperability, layers 1 and 2, on-chain, off-chain, privacy, and wallets, to assess the current security landscape, surface common challenges, and identify concrete next steps across the stack.
Discussions and results from this event will contribute to the Ethereum Foundation’s ongoing $1 Trillion Security (1TS) initiative.
Why Trillion Dollar Security Day?
Trillion Dollar Security Day was designed to create focused in-person discussions within individual layers and bring together practitioners working on similar parts of the stack to assess their current security posture, share operational realities, and identify short-term priorities. Results from these sessions were synthesized to highlight patterns and dependencies across the broader ecosystem.
The goals of the Trillion Dollar Security Assembly are:
- Evaluate Ethereum’s security posture: identify gaps, challenges, and emerging risks across the full stack.
- Enable short-term execution: by aligning ecosystem stakeholders around actionable priorities.
- Enhance long-term security: through coordination, shared standards, and ecosystem strengthening.
Participants divided into layer-based breakout sessions to discuss what is currently working, what is not, and where efforts are most urgently needed.
Snapshot: Observing multiple layers
Across the seven layers, participants revealed several recurring themes.
- Security is often treated as a milestone rather than an ongoing process
- Assumptions of trust are not sufficiently communicated to users
- Critical security tools and public goods lack sustainable funding
- Coordination and incentives, not encryption, remain key risk factors
The table below summarizes the key issues identified during the session and the immediate next steps.
| Layer | Major issues | Immediate next steps |
|---|---|---|
| Layer 1 and layer 2 | Quantum risk, weak L1/L2 coordination, cloud dependence, compressed testing | Extend EPF onboarding, create L2 liaisons, and improve EIP versioning and ownership |
| Wallets | Blind signatures, paywall security, low integration | Formation of Open Signing Alliance, neutral/on-chain EIP-7730 registry, wallet dashboard |
| On-chain | “Audited ≠ Secure”, weak IR, OpSec failures | Fund OSS security tools, establish DeFi security visibility, and advance SEALs |
| Interoperability | Insecure trust assumptions, UX prioritizes speed over safety | Interoperability trust assessment, clearer disclosure, and improved UX for canonical bridges |
| Infrastructure | Front-end hacking, RPC centralization, DNS SPOF | Verifiable frontend, infrastructure transparency dashboard, and light client wallet |
| Off-chain | Unbalanced incentives, a blind spot in the Web2 attack surface | Security frameworks, authentication, and public goods staffing models |
Main themes by layer
A complete presentation of each layer can be found here.
Layers 1 and 2: Coordination remains the bottleneck
Ethereum’s multi-client architecture, specification-driven development, and conservative layer 1 change process continue to provide a strong security foundation. However, participants highlighted risks arising from limited coordination between L1 and L2, compressed testing schedules, over-reliance on cloud infrastructure, and concerns about supply chain attacks.
Key challenges include limited community and L2 participation in All Core Devs calls, constraints on client teams’ ability to review evolving EIPs early, and ongoing L1-L2 bridging and RPC resiliency concerns.
Proposed next steps focus on expanding the Ethereum Protocol Fellowship (EPF), creating a clearer L2 liaison role, improving EIP version control and ownership expectations, and strengthening moderation and accessibility in coordination forums.
Wallets: User security remains too opaque
Advances in signature standards such as EIP-7730 and improvements in wallet discoverability were noted as positive. At the same time, most hardware wallets still rely on blind signatures, and their participation in discussions about shared security remains limited.
Participants pointed to the competitive environment of wallets as a structural barrier to collaboration, along with an overreliance on the Ethereum Foundation to facilitate collaboration.
A key proposal was the creation of an Open Signing Alliance based on Ethereum’s values of openness, neutrality, and walk-away testing. Additional priorities include hosting the EIP-7730 registry in a neutral or on-chain context to improve transparency and legitimacy, as well as funding a wallet-focused security dashboard.
On-chain security: tools and visibility lag behind risks
On-chain security continues to benefit from an increase in the number of experienced security researchers, improved tools (such as Foundry), and increased awareness of incident response through initiatives such as SEAL911. However, security is still often treated as a checkbox, and “audited” and “secure” are often confused.
Participants emphasized that recent losses were due to operational security failures rather than new smart contract abuses. Other challenges include increased protocol complexity, limited immutable monitoring, and lack of economic auditing.
Immediate next steps include continued funding of open source security tools (fuzzers, static and dynamic analyzers), increased visibility into DeFi security posture (an “L2BEAT-like” approach), and widespread adoption of SEAL frameworks and checklists for various contract classes.
Interoperability: Trust assumptions must be explicit
Ethereum users will benefit from a wide range of interoperability options and an increasingly fast and cheap UX. At the same time, participants emphasized that many interoperability protocols rely on trust assumptions that are not well communicated, and that users mistakenly believe that “fast and cheap” means secure.
Many non-canonical bridges fail walk-away tests, and users often remain at risk after bridging due to wrapped assets and downstream dependencies.
Proposed measures include developing interoperability trust ratings that clearly specify assumptions and validation models, setting stronger expectations for explicit trust disclosure by cross-chain aggregators, and improving the speed and cost of canonical bridges to reduce reliance on insecure alternatives. A follow-up interoperability workshop was also proposed.
Privacy: UX and infrastructure are the main constraints
With zero-knowledge research and increased institutional adoption, there is broad agreement that privacy is increasingly seen as a normal and necessary part of Ethereum’s future. However, user experience, cost, and infrastructure limitations remain major obstacles.
Key challenges include RPC-based tracking, issues with private data storage and recovery, lack of UX-focused builders for private wallets, and lack of hardware support for privacy-preserving keys.
Suggested next steps include expanding the use of light-client data via P2P RPC, investing in private wallet UX, exploring ZK-enabled hardware signers, and working with regulators for clearer guidance on permissionless privacy technologies.
Infrastructure and off-chain security: the invisible attack surface
Front-end compromise, DNS hijacking, RPC centralization, and software supply chain attacks were repeatedly mentioned as underappreciated risks. Participants also noted the lack of sustainable economic partnerships for nonprofit organizations that provide critical security public goods.
Key challenges include a false separation of “Web2” and “Web3” security, limited liability for off-chain failures, and a tendency to sacrifice security for speed and convenience. It was also highlighted that you cannot easily run nodes on Tor.
Suggested next steps include building verifiable front-end prototypes, increasing transparency around the health of RPCs and infrastructure, promoting security frameworks and certifications, and creating a structured collaboration model where private companies dedicate time and resources to security public goods.
Review of the event
Participants rated the quality of the discussions and the relevance of the topics as excellent, emphasizing the value of interaction beyond their immediate layer. The main areas for improvement were logistics such as group size and structured networking opportunities.
There was a strong demand for future work focused on applicable security standards, shared tools, and practical “how-to” guidance for implementation.
What happens next
The Trillion Dollar Security gathering emphasized the value of bringing security professionals together in person to build common understanding and momentum. Focused face-to-face discussions helped accelerate coordination on standards, tools, and practical solutions in ways that would be difficult to achieve with asynchronous coordination alone.
The discussion also emphasized the importance of maintaining a continuously updated and shared view of Ethereum’s security posture. As the ecosystem evolves, staying ahead of new risks requires regular reassessment of what is working, where assumptions no longer apply, and which areas require new attention to support a trillion-dollar economy.
Insights from Buenos Aires continue to inform the Ethereum Foundation’s $1 trillion security effort, alongside ongoing work across the ecosystem. In the short term, our focus will continue to be on supporting execution, enabling the adoption of open and neutral security standards, and strengthening the foundations needed to keep Ethereum secure at scale.
Thank you to our security layer champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaerial, @ncsgy, and @ThewizardofPOS, and to @0xRajeev and @fredrik0x for hosting.
