An Introduction to Ethereum’s DAO-Funded Security Model
DAO recovery funds are now generating yield to support Ethereum security, guided by a curated group of 200 experts.
In 2016, TheDAO was hacked: a reentrancy bug drained roughly 3.6 million ETH. It was severe enough to split the chain in two (Ethereum 2.0 and Ethereum Classic) and left a scar on the community that took years to stop stinging. Soon after, the recovered funds were placed into a withdrawal contract and a curator multisig, left open for original claimants to collect whenever they chose. Most never did. For nearly a decade, no one touched it.
That changes now, and the way it is being deployed says a great deal about how much Ethereum has matured.
- Turning a Wound Into an Endowment
- The Question Nobody Had a Clean Answer For
- Two Badges, Two Very Different Things
- Why This Is Actually About Something Bigger
Turning a Wound Into an Endowment
TheDAO Security Fund has staked approximately 69,420 ETH of the original recovered capital, worth somewhere between $100 million and $220 million depending on when you check, to generate perpetual staking yield. That is around $8 million a year, by current estimates, directed entirely toward Ethereum security: audits, tooling, incident response, formal verification and the researchers doing the work that keeps the chain standing.
Introducing: Ethereum’s top security experts
— thedao.fund (@thedaofund) March 19, 2026
TheDAO’s ETHSecurity Badges are a new onchain primitive recognizing the people securing Ethereum.
40 have been selected. 160 open spots are left.
Are you one of Ethereum’s top 200? 👇
The claims window stays open. Anyone who was owed a refund from the 2016 recovery can still collect. But the idle capital that was never claimed is now being put to work. What makes this more than a treasury management story is who gets to decide where the money goes.
The Question Nobody Had a Clean Answer For
If you wanted to identify the 200 most important people working on Ethereum security, how would you do it? The problem is harder than it sounds. This is not a category with a clear credential system. There is no CFA exam for smart contract auditors. No licensing board for white-hat researchers. The people who matter most in this space have often built their reputations through a combination of bug disclosures, public tooling, conference talks, quiet incident responses and years of showing up in the right Telegram groups at the right time.
Any top-down list compiled by a committee would immediately attract criticism; any open vote would be gamed; and any popularity contest would favor the loudest voices over the most important ones.
TheDAO Security Fund's answer to this was to build a rubric (ten weighted pillars covering everything from public evidence of contributions to incident response track records to formal verification expertise to threat intelligence) and then hand the selection process to an AI agent built by Bonfires.ai. The bot cross-references supplied identities against public records, synthesizes signals that go beyond a self-reported application form, scores each candidate against the rubric and builds a persistent knowledge graph in the process.
Griff Green, who was one of the original 2016 curators and has been the operational thread connecting all of this across a decade, drafted the initial rubric. Future versions will be shaped by the badge holders themselves, through direct conversations with the bot. The definition of "Ethereum security expert" will be iterated by the people who have already been recognised as Ethereum security experts. It is a deliberately self-refining system.
The first cohort of 40 (33 selected applicants plus 7 curators who received badges automatically) reads like a who's who of the people who have been quietly keeping this ecosystem functional. samczsun. Yoav Weiss. Taylor Monahan. pcaversaccio. Researchers from ChainSecurity, Zellic, the Ethereum Foundation's protocol security team and SEAL 911. People with formal verification backgrounds. People doing threat intelligence and opsec. The kind of list where nearly every name, if you spend enough time in this space, makes you nod.
Two Badges, Two Very Different Things
The public badge is an ERC-721 NFT airdropped to the wallet each applicant provided. It is a credential (visible, transferable in theory, prestige-bearing). It signals to the world that this person has been recognised by a process that took the selection seriously.

The voting badge is something else entirely. It goes to a separate, non-public wallet address that only the holder knows. The mapping between public badge and voting address is known only to Griff Green and a small subset of the Giveth team. It is the actual governance primitive. And it is deliberately anonymous, precisely because the community of Ethereum security researchers is small enough that social pressure is a real distortion: if your vote were visible, the dynamics would shift.
There is a reasonable critique here: the mapping between public credential and private vote is centralised in the hands of a small group. That is a trust dependency. The people behind this project know it, and the assumption is that future iterations might introduce zero-knowledge proofs to make the mapping independently verifiable without revealing it. For now, the system runs on Griff Green's decade-long track record and the social capital that comes with it.
Why This Is Actually About Something Bigger
One of the harder problems in Ethereum's maturation is how expertise gets recognised and how resources flow toward the people doing the most important work. Bug bounties help. Grants help. But neither is systematic, and neither creates a durable record of who has been consistently excellent over time.
The ETHSecurity Badge is an attempt to build that record on-chain. Every selection decision, every rubric score, every completed grant cycle feeds back into a knowledge graph that gets richer over time. The long-term utility of the Bonfires.ai system is not just running the first selection; it is building an expert map of Ethereum security that becomes more useful the more it is used. Future grant decisions can draw on it. Future badge cohorts can be informed by it.
Two more batches are coming in April 2026, with roughly 160 badges remaining before the target of 200 is reached. Applications are still open. The rubric is public. The process is more legible than most selection systems operating at this scale in the Ethereum ecosystem.
A decade ago, the DAO hack was the thing Ethereum had to survive. The fund built from its recovery capital is now being used to make sure Ethereum keeps surviving and to give the people doing that work a formal, on-chain acknowledgment that their contributions are seen.
That feels like the right use of the money.