
Researchers Identify Key Threats to Ethereum Ecosystem
The Ethereum Foundation team has released the inaugural report under the Trillion Dollar Security initiative. Researchers have pinpointed six critical areas requiring substantial improvements to ensure the network’s future security.
Last month we announced the Trillion Dollar Security (1TS) initiative: an ecosystem-wide effort to upgrade Ethereum’s security.
Today we’re releasing the first 1TS report: an overview of the existing security challenges in the Ethereum ecosystem. pic.twitter.com/R1dhY34pDT
— Ethereum Foundation (@ethereumfndn) June 10, 2025
According to the authors, the current Ethereum ecosystem already supports capital exceeding $600 billion. However, this is insufficient to meet the community’s ambitions. The goal is to create an environment where billions of people can comfortably store amounts over $1000 on the blockchain, and companies and institutions can trust individual smart contracts with assets worth trillions of dollars.
User Experience Issues
Security begins with the interface that users interact with. The main issue is that all responsibility falls on the individual. Due to the irreversibility of transactions, any mistake, key compromise, or hasty confirmation can lead to loss of funds.
Researchers identified several weak points. Users struggle with storing seed phrases, often writing them down as plain text or saving them in the cloud. Hardware wallets do not fully solve the problem either: they can be lost, broken, or stolen.
Another serious vulnerability is the “blind signing” of transactions. Wallets often display incomprehensible data, leading users to confirm actions without understanding the consequences. This opens the door to phishing and fraud. Unlimited permissions for DeFi applications, which lack expiration dates, also remain problematic as they can be used to steal assets even after a long time.
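The two problems above (opaque signing prompts and open-ended token allowances) can be made visible before a user confirms. The following is an added example, not code from the report or from any wallet: it decodes the calldata of a standard ERC-20 approve(address,uint256) call and flags allowances that are effectively unlimited. The "effectively unlimited" threshold and the sample calldata are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = (1 << 256) - 1
# Assumption for this example: anything at or above 2^255 is treated as "unlimited",
# since wallets and dApps commonly request MAX_UINT256 or values close to it.
EFFECTIVELY_UNLIMITED = 1 << 255


@dataclass
class ApproveCall:
    spender: str
    amount: int
    unlimited: bool


def decode_approve(calldata_hex: str) -> Optional[ApproveCall]:
    """Decode approve(address,uint256) calldata; return None for anything else."""
    data = calldata_hex.lower().removeprefix("0x")
    # selector (4 bytes) + two ABI-encoded 32-byte words = 136 hex characters
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender = "0x" + data[8 + 24 : 8 + 64]  # address is right-aligned in its 32-byte word
    amount = int(data[8 + 64 : 8 + 128], 16)
    return ApproveCall(spender, amount, unlimited=amount >= EFFECTIVELY_UNLIMITED)


def describe(calldata_hex: str, token_decimals: int = 18) -> str:
    """Render what the user is about to sign in plain language."""
    call = decode_approve(calldata_hex)
    if call is None:
        return "not an ERC-20 approve() call"
    if call.unlimited:
        return f"WARNING: unlimited allowance granted to {call.spender}; it never expires"
    human = call.amount / 10**token_decimals
    return f"allowance of {human:g} tokens granted to {call.spender}"


# Constructed sample calldata (not real transactions)
SPENDER = "1111111111111111111111111111111111111111"
UNLIMITED_CALLDATA = "0x" + APPROVE_SELECTOR + SPENDER.rjust(64, "0") + "f" * 64
BOUNDED_CALLDATA = "0x" + APPROVE_SELECTOR + SPENDER.rjust(64, "0") + format(100 * 10**18, "064x")

if __name__ == "__main__":
    print(describe(UNLIMITED_CALLDATA))
    print(describe(BOUNDED_CALLDATA))
```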
Smart Contract Security
Despite significant progress in this area, vulnerabilities in code remain a serious threat. The main risks are associated with the ability to update contracts after deployment. Malicious or erroneous updates can lead to the loss of user funds.
Other issues experts highlight include re-entrancy attacks, the use of unverified external libraries, and errors in access control.
According to researchers, developers do not always use secure practices by default, and formal code verification is a complex and costly process that is rarely applied. The report also highlights a new risk—bugs introduced by AI-based automatic code generation tools.
Infrastructure and Cloud Security
The Ethereum ecosystem relies heavily on centralized providers. These include Ethereum-specific services such as RPC nodes and L2 networks, as well as traditional cloud and CDN providers such as AWS and Cloudflare.
Failures or censorship by these providers can cut off many users from network access. Second-layer solutions also introduce new attack vectors related to bridge complexities, potential errors in proof systems, and centralization risks through “security councils.”
Consensus-Level Risks
The Ethereum consensus protocol has proven reliable, but long-term threats remain. Among them is the concentration of staking among a few large providers, such as Lido. This creates a risk of centralized control and transaction censorship.
Another issue is the insufficient development of the “social slashing” mechanism. This is an extreme measure of punishment for validators attacking the network, but the community lacks clear rules and tools for its application. In the long term, the main threat remains the emergence of quantum computers capable of breaking existing cryptographic algorithms.
Incident Monitoring and Response
When an attack occurs, the ecosystem faces coordination challenges. It is often difficult to contact the team of the compromised project or to reach the security teams of major platforms, which delays the response and reduces the chances of recovering funds. Moreover, the industry lacks the insurance tools that are standard in traditional finance.
Social Layer and Governance
The “social layer” refers to the people, organizations, and processes that influence Ethereum’s development. Here, risks are long-term. The centralization of staking and real-world-backed assets (such as stablecoins) gives issuers and holders leverage over the network.
There is also a threat of regulatory pressure on key developers and companies, which could shift protocol development priorities towards commercial or governmental interests, undermining its neutrality.
The publication of the report is only the first step. The Ethereum Foundation, together with the community, intends to prioritize the most pressing issues and begin seeking solutions. The project has invited everyone to share their ideas and feedback.
Back in March, the Ethereum Foundation made significant changes to its leadership.
Following the management reshuffle, the organization shifted its focus to user experience and L1 scaling.
In June, the Ethereum Foundation cut part of its research and development team, concentrating on key challenges and core protocol issues.