Trillion Dollar Security Day at Devconnect
Trillion Dollar Security Day at Devconnect: A Comprehensive Review
The Ethereum Foundation and Secureum TrustX recently brought together around eighty participants from across the Ethereum Security Ecosystem for Trillion Dollar Security Day, a focused event exploring what it would take to securely support a trillion-dollar Ethereum economy. This in-person gathering aimed to assess the current security landscape, surface shared challenges, and identify concrete next steps across the stack.
Why a Trillion Dollar Security Day?
The Trillion Dollar Security day was designed to create focused, in-person discussions within individual layers, bringing together practitioners who work on similar parts of the stack to assess current security posture, share operational realities, and identify near-term priorities. The outcomes of these sessions were then synthesized to highlight patterns and dependencies across the broader ecosystem.
Goals of the Trillion Dollar Security Gathering
The primary goals of the Trillion Dollar Security gathering were to:
- Evaluate Ethereum’s security posture across the full stack, identifying gaps, challenges, and emerging risks
- Enable short-term execution by aligning ecosystem actors around actionable priorities
- Strengthen long-term security through coordination, shared standards, and ecosystem empowerment
Cross-Layer Observations
Across the seven layers, participants surfaced several recurring themes:
- Security is often treated as a milestone rather than a continuous process
- Trust assumptions are insufficiently communicated to users
- Critical security tooling and public goods lack sustainable funding
- Coordination and incentives—not cryptography—remain dominant risk factors
Key Issues and Immediate Next Steps by Layer
The table below captures a condensed view of key issues and immediate next steps identified during the sessions.
| Layer | Key Issues | Identified | Immediate Next Steps |
|---|---|---|---|
| Layer 1 & 2 | Quantum risk, weak L1/L2 coordination, cloud dependence, compressed testing | Expand EPF onboarding, create L2 liaisons, improve EIP versioning & ownership | |
| Wallets | Blind signing, paywalled security, low coordination | Form an Open Signing Alliance, neutral/on-chain EIP-7730 registry, wallet dashboards | |
| Onchain | “Audited ≠ secure”, weak IR, OpSec failures | Fund OSS security tooling, create DeFi security visibility, promote SEAL | |
| Interoperability | Unsafe trust assumptions, UX favors speed over safety | Interop trust ratings, clearer disclosures, improve canonical bridge UX | |
| Infrastructure | Frontend hacks, RPC centralization, DNS SPOFs | Verifiable frontends, infra transparency dashboards, light-client wallets | |
| Offchain | Misaligned incentives, Web2 attack-surface blind spots | Security frameworks, certifications, public-goods staffing models | |
| Privacy | UX and infrastructure are the primary constraints | Greater use of light-client data over P2P RPC, investment in private wallet UX, research into ZK-capable hardware signers |
Key Themes by Layer
Layer 1 & 2: Coordination Remains a Bottleneck
Ethereum’s multiclient architecture, specification-driven development, and conservative Layer 1 change process continue to provide strong security foundations. However, participants highlighted risks stemming from limited coordination between L1 and L2s, compressed testing timelines, over-reliance on cloud infrastructure, and concerns around supply-chain attacks.
Wallets: User Security Remains Too Opaque
Progress on signing standards such as EIP-7730 and improvements to wallet discoverability were noted as positives. At the same time, most hardware wallets still rely on blind signing, and wallet participation in shared security discussions remains limited.
Onchain Security: Tooling and Visibility Lag Behind Risk
Onchain security continues to benefit from a growing pool of experienced security researchers, improved tooling (e.g. Foundry), and increased awareness of incident response through efforts such as SEAL911. However, security is still often treated as a checkbox, and “audited” is frequently conflated with “secure.”
Interoperability: Trust Assumptions Must Be Explicit
Ethereum users benefit from a wide range of interoperability options and increasingly fast, low-cost UX. At the same time, participants highlighted that many interop protocols rely on poorly communicated trust assumptions, leading users to mistake “fast and cheap” for safe.
Privacy: UX and Infrastructure Are the Primary Constraints
There was broad agreement that privacy is increasingly seen as a normal and necessary part of Ethereum’s future, with encouraging progress in zero-knowledge research and institutional adoption. However, user experience, cost, and infrastructure limitations remain major blockers.
Infrastructure & Offchain Security: The Invisible Attack Surface
Frontend compromises, DNS hijacks, RPC centralization, and software supply-chain attacks were repeatedly cited as underappreciated risks. Participants also noted a lack of sustainable economic alignment for non-profits providing critical security public goods.
Event Reflections
Participants rated the quality of discussion and relevance of topics as excellent, highlighting the value of in-person, cross-layer exchange. The primary areas for improvement were logistical, including group size and opportunities for structured networking.
What Comes Next
The Trillion Dollar Security gathering highlighted the value of bringing security practitioners together in person to build shared understanding and momentum. Focused, face-to-face discussions helped accelerate alignment on standards, tooling, and practical solutions in ways that are difficult to achieve through asynchronous coordination alone.
The discussions also underscored the importance of maintaining a continuously updated, shared view of Ethereum’s security posture. As the ecosystem evolves, staying ahead of emerging risks requires regularly reassessing what is working, where assumptions no longer hold, and which areas need renewed attention to support a trillion-dollar economy.
The insights from Buenos Aires will continue to inform the Ethereum Foundation’s One Trillion Dollar Security efforts, alongside ongoing work across the ecosystem. Near-term focus remains on supporting execution, enabling adoption of open and neutral security standards, and strengthening the foundations needed to keep Ethereum secure at scale.
With thanks to the security layer champions @vdWijden, @barnabas, @zachobront, @ethzed, @mattaereal, @ncsgy and @ThewizardofPOS. And @0xRajeev and @fredrik0x for hosting.
Source: https://blog.ethereum.org/en/2026/02/03/1ts-day-devconnect-ba
