After nearly a decade of sitting idle, the capital recovered from the 2016 DAO hack is now a staking endowment of over 75,000 ETH that has begun deploying its yield toward the people and projects keeping Ethereum safe. The first move is a 500 ETH matching pool, worth over $1.09 million at current prices, powering the largest quadratic funding round Giveth has ever hosted. If you want the full background on how this fund came to exist, this introduction to Ethereum's DAO-funded security model covers it in detail.

Applications opened on March 25, 2026 & the round runs from April 21 to May 12 with a wide scope.

• Why Quadratic Funding for the First Round
• What the Round Actually Covers
• How the ETHSecurity Badge Fits In
• Who Is Running What and How to Get Involved

Why Quadratic Funding for the First Round

TheDAO Security Fund chose quadratic funding and the reasoning is worth understanding because it shapes everything about how this round works.

When a project enters a quadratic funding round, every donation it receives regardless of size signals to the matching pool that the community believes in it. A hundred people donating $5 each generates more matching than one person donating $500 and that structure is intentional: it rewards breadth of support over depth of pockets, and it surfaces projects that have genuine community backing rather than a single well-connected patron. Ethereum has a long history with this mechanism: Gitcoin's CLR matching rounds proved the model worked at scale years ago.

For Ethereum security specifically, this matters. A lot of the work that keeps the ecosystem safe is invisible by design. Incident responders, wallet safety researchers, threat intelligence analysts, formal verification engineers are not the people with the loudest voices or the largest Twitter followings. A quadratic round gives that work a public stage it rarely gets and brings in community donations on top of the matching pool, adding funding more than what TheDAO Security Fund itself is putting in.

Griff Green described it plainly: the first round is not just about getting funds out the door. It is about getting a real process in motion, learning from it and making the next rounds better.

What the Round Actually Covers

The eligibility criteria is broad. Projects, teams, and individuals working anywhere in the Ethereum and L2 security ecosystem are welcome to apply. The Ethereum Foundation's Grants Management team defines the eligibility requirements, and the scope they have set covers the full surface area of what security actually means in practice not only audits and bug bounties.

That includes incident response and white-hat defense, security research and formal verification, user protection and anti-phishing tools, security tooling and infrastructure, education and awareness, threat intelligence and on-chain investigation, protocol and core infrastructure security, legal frameworks supporting white-hat activity, security standards and certifications, wargames and incident response training, ZK and circuit security, client and node implementation security, cryptographic primitives, post-quantum research and supply chain security. Events like the Aave oracle misconfiguration that triggered 345 ETH in liquidations are exactly the kind of incident that better-funded security infrastructure is designed to prevent.

TheDAO Security Fund’s first round is out!

We’re kicking things off with a broadly scoped Ethereum Security quadratic funding round on Giveth as the first move in our bottom-up distribution strategy.

Why QF?

Because we wanted the first round to do more than just allocate… https://t.co/tjlyHtptFE— thedao.fund (@thedaofund) March 25, 2026

Security is not one category of work, it is a hundred overlapping ones, many of which receive almost no funding through existing channels. This round is designed to surface all of them, including tools and newsletters and standards bodies that operate quietly and effectively without much recognition. Projects like 0xBow, which is building compliant privacy for Ethereum or work tied to Ethereum's ongoing validator custody rollout are exactly the kind of infrastructure-level contributions this round is scoped to support.