Ethereum Foundation's ETH Rangers Program Recovered or Frozen $5.8 Million and Flagged 100 North Korean Operatives
Seventeen security researchers funded with $25,000 each delivered outsized results across six months, with impact reaching developer communities in Africa, Asia, and beyond.
The Ethereum Foundation announced on April 16, 2026, that its ETH Rangers program, a six-month stipend initiative launched in late 2024, produced more than $5.8 million in recovered or frozen funds across the Ethereum ecosystem. The program distributed roughly $425,000 in total across 17 recipients, each receiving a $25,000 stipend split into two payments. Organized in partnership with Secureum, The Red Guild, and the Security Alliance (SEAL), ETH Rangers was designed to fund independent security work that falls outside formal employment at audit firms or protocols: vulnerability research, educational content, incident response, open-source tooling, and security frameworks benefiting the public.
The 17 recipients collectively catalogued more than 785 vulnerabilities, handled 36 or more incident responses, reached over 209,000 people with threat awareness content, and engaged more than 800 teams in security challenges. The program also produced seven or more new or improved open-source security repositories and more than 80 workshops, talks, and educational resources.
Among the most consequential contributions was the Ketman Project, which identified approximately 100 North Korean IT workers embedded across 53 crypto projects. The team built a free, open-source tool called gh-fake-analyzer, published on PyPI, that allows any project team to screen GitHub contributors for signs of state-sponsored infiltration. The tool has attracted more than 3,300 active users and is freely accessible to developers anywhere, including teams in Africa and Southeast Asia where due-diligence resources can be limited. Ketman also co-authored the DPRK IT Workers Framework with SEAL, giving the broader ecosystem a structured reference for detection.
Nick Bax, operating through SEAL 911 (an emergency incident response service staffed by top-tier whitehats), contributed to more than 36 incident response tickets and produced an awareness video about North Korean "Fake VC" scams that accumulated 200,000 views. Bax also identified the homoglyph attack technique used by a threat actor called ELUSIVE COMET, a group that runs a social engineering operation through named entities including Aureon Capital, Aureon Press, and The OnChain Podcast, impersonating legitimate crypto figures to trick targets into installing malware during Zoom calls. He later represented SEAL at a US Treasury roundtable and an Interpol conference.
A separate, anonymous researcher tested all five major Ethereum execution clients and found 14 bugs, including asymmetric CPU consumption vulnerabilities that could force affected nodes to process up to four times the normal workload, along with crashes affecting multiple clients.
The program's educational reach was substantial. SunSec and the DeFiHackLabs team built an Incident Explorer platform cataloguing more than 620 proof-of-concept exploits and ran a summer contest that attracted 43 submissions. Their DeFiHackLabs repository now covers more than 550 hacking incidents dating to 2017, maintained by over 116 contributors globally. Guild Audits, another recipient, trained researchers across Africa, Asia, Europe, and the Americas. Students from that program reported more than 110 vulnerabilities on major audit platforms including Code4rena and Sherlock. Guild Audits also hosted Africa's first Web3 Security Summit on November 8, 2025, a landmark event for a continent where, according to the program's research, security talent development has lagged behind the broader pace of ecosystem growth.
The $25,000 stipend is worth noting in regional terms. In Lagos, Nairobi, Colombo, or Dhaka, that sum represents substantially more purchasing power than it does in London or San Francisco. The program required no institutional affiliation, meaning independent researchers and smaller collectives in emerging markets could apply without backing from a well-capitalized firm. That design was well suited to participation by researchers in the Global South, where formal pathways to fund independent security work have not always kept pace with emerging talent.
The Red Guild, a security research collective based in Latin America that helped screen applicants, acknowledged the difficulty of the selection process. "For sure, it wasn't easy to pick the most valuable projects," the collective wrote in its State of The Red Guild #16 blog post. The backdrop to that selection is considerable: crypto services lost $2.47 billion to hacks and exploits in 2025 alone, and a study published in April 2025 found that vulnerability density in Ethereum smart contracts had reached 74.3 percent as of 2024, based on analysis of audited code samples.
ETH Rangers fits within a larger Ethereum Foundation security push. The Foundation simultaneously launched a $1 million audit subsidy program covering up to 30 percent of audit costs for projects building on Ethereum, with access to more than 20 audit firms. It also partnered with SEAL on the "Trillion Dollar Security" initiative, a longer-term effort to raise the network's security posture as total value on-chain grows. SEAL, which has recovered more than $50 million from cyberattacks since its launch, handled more than 1,800 support tickets in 2025, more than double its cumulative volume since the organization officially launched two years prior. No announcement has been made regarding a second cohort of ETH Rangers.