In 2016, TheDAO was hacked in which A reentrancy bug drained roughly 3.6 million ETH. It was severe enough to split the chain in two(Ethereum 2.0 and Ethereum Classic) and left a scar on the community that took years to stop stinging. Soon after, the recovered funds were placed into a withdrawal contract and a curator multisig, left open for original claimants to collect whenever they chose. Most never did, for nearly a decade, no one touched it.

That changes now and the way it is being deployed says a great deal about how much Ethereum has matured.

• Turning a Wound Into an Endowment
• The Question Nobody Had a Clean Answer For
• Two Badges, Two Very Different Things
• Why This Is Actually About Something Bigger

Turning a Wound Into an Endowment

The TheDAO Security Fund has staked approximately 69,420 ETH of the original recovered capital, worth somewhere between $100 million and $220 million depending on when you check, to generate perpetual staking yield. Around $8 million a year, by current estimates, directed entirely toward Ethereum security: audits, tooling, incident response, formal verification and the researchers doing the work that keeps the chain standing.

Introducing: Ethereum’s top security experts

TheDAO’s ETHSecurity Badges are a new onchain primitive recognizing the people securing Ethereum.

40 have been selected. 160 open spots are left.

Are you one of Ethereum’s top 200? 👇 pic.twitter.com/mAhu6IkgFl— thedao.fund (@thedaofund) March 19, 2026

The claims window stays open. Anyone who was owed a refund from the 2016 recovery can still collect. But the idle capital that was never claimed is now being put to work. What makes this more than a treasury management story is who gets to decide where the money goes.

The Question Nobody Had a Clean Answer For

If you wanted to identify the 200 most important people working on Ethereum security, how would you do it? The problem is harder than it sounds. This is not a category with a clear credential system. There is no CFA exam for smart contract auditors. No licensing board for white-hat researchers. The people who matter most in this space have often built their reputations through a combination of bug disclosures, public tooling, conference talks, quiet incident responses and years of showing up in the right Telegram groups at the right time.

Any top-down list compiled by a committee would immediately attract criticism, any open vote would be gamed & any popularity contest would favor the loudest voices over the most important ones.

The TheDAO Security Fund's answer to this was to build a rubric(ten weighted pillars covering everything from public evidence of contributions to incident response track records to formal verification expertise to threat intelligence) and then handed the selection process to an AI agent built by Bonfires.ai. The bot cross-references supplied identities against public records, synthesizes signals that goes beyond a self-reported application form, scores each candidate against the rubric and then builds a persistent knowledge graph in the process.

Griff Green, who was one of the original 2016 curators and has been the operational thread connecting all of this across a decade, drafted the initial rubric. Future versions will be shaped by the badge holders themselves, through direct conversations with the bot. The definition of "Ethereum security expert" will be iterated by the people who have already been recognised as Ethereum security experts. It is a deliberately self-refining system.

The first cohort of 40(33 selected applicants plus 7 curators who received badges automatically) reads like a who's who of the people who have been quietly keeping this ecosystem functional. samczsun. Yoav Weiss. Taylor Monahan. pcaversaccio. Researchers from ChainSecurity, Zellic & the Ethereum Foundation's protocol security team, SEAL 911. People with formal verification backgrounds. People doing threat intelligence and opsec. The kind of list where nearly every name, if you spend enough time in this space, makes you nod.