EF Blog


Security

Security updates related to the Ethereum protocol, tooling infrastructure and applications.

May 14, 2025

Sec

Announcing the Trillion Dollar Security Initiative

by Ethereum Foundation Team

Ethereum is the most secure blockchain ecosystem. This is the result of 10 years of progress and iteration across every level of Ethereum’s technology stack, from wallet UX to developer tooling to consensus protocol security. But being the most secure platform in the crypto ecosystem isn’t enough. Ethereum’s ambition is far greater: to be civilization-scale infrastructure that securely underpins the internet and global economy, surpassing the safety and trustworthiness of the world’s legacy systems. Today we are announcing the Trillion Dollar Security initiative, an ecosystem-wide effort to upgrade Ethereum’s security to help bring the world onchain. Reaching “Trillion Dollar security” means a world where: Billions of individuals are each comfortable storing more than $1000 onchain, collectively amounting to trillions of dollars secured on Ethereum. Companies, institutions or governments

May 7, 2025

Sec

CVE-2025-30147 - The curious case of subgroup check on Besu

by Antonio Sanso

Thanks to Marius Van Der Wijden for creating the test case and statetest, and for helping the Besu team confirm the issue. Also, kudos to the Besu team, the EF security team, and Kevaundray Wedderburn. Additionally, thanks to Yuxiang Qiu, Justin Traglia, Marius Van Der Wijden, Benedikt Wagner, and Kevaundray Wedderburn for proofreading. If you have any other questions/comments, find me on twitter at @asanso. tl;dr: Besu Ethereum execution client version 25.2.2 suffered from a consensus issue related to the EIP-196/EIP-197 precompiled contract handling for the elliptic curve alt_bn128 (a.k.a. bn254). The issue was fixed in release 25.3.0. Here is the full CVE report. N.B.: Part of this post requires some knowledge about elliptic curves (cryptography).

July 8, 2024

Sec

Ethereum Protocol Attackathon in Collaboration with Immunefi

by EPS Research Team

The Ethereum Protocol Security (EPS) Research Team is pleased to announce the launch of the first Ethereum protocol Attackathon, hosted by Immunefi. This four-week event aims to enhance the security of the Ethereum protocol through a large-scale crowdsourced security audit competition. Our goal is to raise over 2 million USD for the reward pool; the EF has seeded the pool with an initial 500,000 USD.

July 2, 2024

Sec

blog.ethereum.org mailing list incident

by EF Operational Security

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content. Users who clicked the link in the email were sent to a malicious website. This website had a crypto drainer running in the background, and if a user initiated their wallet and signed the transaction requested by their website, their wallet would have been drained. Our internal security team immediately launched an investigation to help determine who launched the attack, what the aim of the attack was, when it happened, who was affected, and how it happened. Some of the initial actions taken were: Prevented the threat actor from sending additional emails. Sent out notifications via twitter and email to not click the link in question. Closed down the

March 21, 2024

Sec

Sepolia Incident

by Marius van der Wijden, Toni Wahrstätter, Parithosh Jayanthi

This blog post discloses a threat against the Ethereum network that was present from the Merge up until the Dencun hard fork.

May 18, 2021

Sec

Dodging a bullet: Ethereum State Problems

by Martin Holst Swende & Peter Szilagyi

With this blog post, the intention is to officially disclose a severe threat against the Ethereum platform, which was a clear and present danger up until the Berlin hardfork.

November 12, 2020

Sec

Geth security release

January 15, 2019

Sec

Security Alert: Ethereum Constantinople Postponement

by Hudson Jameson

The Ethereum Core Developers and the Ethereum Security Community were made aware of the potential Constantinople-related issues identified by ChainSecurity on January 15, 2019. We are investigating any potential vulnerabilities and will follow with updates in this blog post and across social media channels. Out of an abundance of caution, key stakeholders around the Ethereum community have determined that the best course of action will be to delay the planned Constantinople fork that would have occurred at block 7,080,000 on January 16, 2019. This will require anyone running a node (node operators, exchanges, miners, wallet services, etc...) to update to a new version of Geth or Parity before block 7,080,000. Block 7,080,000 will occur in approximately 32 hours from the time of this publishing or at approximately
