ABDul Rehman | TradMod

1.8K posts

@TheTradMod

Security Researcher ⚔️ | prev SR & Triager @Immunefi

Pakistan · Joined October 2023
1.8K Following · 855 Followers
ABDul Rehman | TradMod retweeted
vitalik.eth @VitalikButerin
Some of my perspective on where the @ethereumfndn is going. First of all, this is only my own view. The board is not just me, and I have no extra special powers on the board that the other board members do not. @aerugoettinea is the one executing much of this transition. My input has been largely on technical questions. The board is in the process of expanding, and my own power within the org will continue to decrease, which is honestly what I want.

The 2025 era brought many important improvements to EF and its ability to execute. Many issues were resolved, and EF continues to benefit from its improved efficiency and greater focus on concrete goals to this day. And so with those problems resolved, early this year, the largest remaining hole that I perceived was something different nagging at me: I would regularly spot people saying things like "vitalik says these beautiful things about ethereum needing to be decentralized, and have privacy, and be a sanctuary technology, but why do the EF's actions not reflect that?"

Now, you may have been hearing something different. You may not have been sensing a feeling of crisis at all, and maybe were hearing people saying that finally we were taking execution and BD seriously and the main task for us is to keep going that way and be even better and faster. Then probably there is a genuine difference between you and me, in what kinds of criticism I take most seriously, and what kinds of critics through their criticism are most able to make me feel pain.

As an analogy, let's briefly switch over to a different domain. One belief you can have about Google is that it is a success story, and has brought a lot of good to humanity in organizing the world's information. Another belief you can have about Google is that they had a beautiful idealistic beginning, but at some point the corruption of mainstream corporate attitudes seeped in, and they slowly bit by bit completely abandoned the "don't be evil" slogan.

My belief on Google specifically is probably somewhere between the two. BUT, if you had taken me back in time to ~2008, and offered me a button to press to make Google one or two standard deviations more "dogmatic", eg. give Richard Stallman permanent veto power over some key policies, I would immediately press it. Why? Because a choice for one company is not a choice for the world, or even one country. Google existed and exists in the context of a technology industry generally drifting away from early idealistic don't-be-evil roots and toward greed for financial gain, totalizing visions of accelerated superintelligence, infiltration by sociopaths, and craven capitulation to (or worse, active participation in) government pressure for ideological control, surveillance and war. And so *one company* doing something different, positioning itself to be what George Bernard Shaw calls the Unreasonable Man, resisting the trend of the times, would have been better for freedom, balance of power and stability of society as a whole, than *all* large companies bending to dominant trends. This is a part of my version of pluralism. This line of thinking is not just mine, but it also is not too far off from what Aya and others had in mind with the Mandate.

Now how does this all get to the role of the EF? EF is not a "center of Ethereum", rather EF is "one node, with a defined purpose, alongside other nodes". We've always said that the EF should be the latter, but many in the Ethereum ecosystem (and even within the EF) wanted us to be the former. Now, we are taking action to ensure that we will be the latter. This is particularly important because EF is a limited organization, with limited resources and limited organizational capacity. The EF has only ~0.16% of all ETH (less than many other individual ETH holders), whereas among other blockchains it's common for "the central foundation" to have 10-50%.

Fiscally, the EF was originally designed to fulfill a limited work scope defined in the token sale docs and other pre-launch materials (building the chain software; getting through Frontier, Homestead, Metropolis, Serenity), which was fully completed in 2022; it was not designed to be an eternal steward. And so today, the EF is choosing to use its remaining resources to pursue longevity over breadth (yes, this means we sell less ETH). The EF focuses *specifically* on those activities critical to the success of ethereum as a censorship/capture-resistant, open, private and secure system, that would not happen otherwise. This means making hard choices, and in some cases even activities that we highly approve of and people that we highly respect becoming outside of the EF. People of great technical talent, public respect and even alignment with the mission and CROPS being outside of the EF is in fact necessary if we want important tasks to be able to attract outside capital. This also means the EF taking opinionated stands culturally.

This is all intended in cooperation with all other parts of ethereum. We recognize that many other parts of the ethereum world highly respect CROPS and related values. But highly respecting is not the same as choosing to specialize and totally dedicate to a domain (Compare in a different domain: I think reducing animal cruelty is important, and I like vegan food, but am not full unconditional vegan myself).

EF is still in a transition period, and we expect its new long-term form to stabilize over the next few months. What are the guiding principles of this new form? Again, I am only one person, but I can give my answer from a technical perspective (there are also critical non-technical aspects). At the core, *Ethereum must be impressive*. We are living in an age of highly intelligent AI and all kinds of other technological acceleration.

"Status quo EVM, with a hard fork or two a year to optimize for short-term needs of users" is not interesting. To some, "impressive" means: 250ms latency and 1M TPS. I think Ethereum trying to go that route is a mistake. Being as fast and as scalable as possible, and only a small epsilon more decentralized than the others, is a route to mediocrity, and if we try it we will lose. I think Ethereum should scale. But I think Ethereum should strive the hardest to be deeply impressive in a different dimension: the CROPS dimension. This means things like:

* Provably bug-free Ethereum. This is a goal that all cybersecurity researchers would have thought is absurd and impossible, up until roughly 6 months ago. Now, it's on the cusp of being possible, thanks to AI-assisted formal verification. So we should be frontrunners in doing this.

* Available chain consensus. Ethereum is, and with lean consensus will continue to be, the ONLY chain that has both (i) traditional-BFT style properties that it's safe under asynchrony up to a high level of fault tolerance, and (ii) the bitcoin PoW-style property that under synchrony it's safe up to 49% attackers. As far as I can tell, literally no other chain has this or is planning for it; bitcoin goes for (ii) only and most other chains go for (i) only. Some will remember I fought hard for this, Unreasonably insisting that it is not OK for ethereum to rely on social consensus and hard forks to rescue ethereum from 34% of nodes going offline. It's OK for chains like hyperledger, bnb, solana, tempo, etc. It's not OK for bitcoin or ethereum or eg. zcash.

* Intermediary minimization. The fact that smart contract wallets, protocols like railgun, etc have to send transactions through intermediaries to get included onchain is honestly embarrassing, and it's a constant point of fragility. Hence the work on FOCIL and EIP-8141 (and 7701 and years of work before) to make transaction sending intermediary-minimized with public mempool and strong inclusion properties, in a truly general-purpose way, that covers not just eg. secp256r1, but also privacy protocols and much more. Kohaku is pushing intermediary minimization at the user layer, pulling Ethereum away from the dystopian status quo world where our wallets don't even verify the chain, send our private data out to a dozen third-party servers, and toward a brighter CROPS future.

Some of these goals are Unreasonable - maybe Ethereum would be "fine" getting only 50% of the way - what if we depend on intermediaries, but make it easy to switch? But going 50% of the way would not make Ethereum Deeply Impressive in the CROPS way. So we push for 100%. Fortunately all these goals are compatible with high TPS, this is a major focus of research (esp. on scaling the state). Well-designed L2s can also help, especially L2s optimized for specific applications (eg. high-volume trading, privacy...). These goals are even compatible with significantly lower slot times, thanks to Raul's work on erasure-coded P2P, and many other optimizations.

The most high-value "product" of the ethereum blockchain, financially speaking, is ETH the asset. Ethereum secures $250 billion of ETH. The types of properties of Ethereum that I mentioned above are very good for ETH the asset. Nearly 90% of my net worth is in ETH, and most of the remainder is ~$40m of onchain fiat of which every dollar has already been allocated for some open-source biotech or software or hardware initiative. That said, there are aspects of supporting ETH the asset - *necessary* aspects even - that are outside the scope of the EF. This is where we need other heroes (some of whom hold more ETH than the EF does) to step in and help. EF has been recently thinking more about how it will relate to other such organizations, and give them needed initial support.

EF will be a smaller ship than in previous years, a more opinionated one - in some cases more opinionated in ways that might be difficult to comprehend - but a longer-lasting one, and one suited to making sure that ethereum brings something meaningful to the world. We are grateful to all those inside and outside the EF who are helping to make this happen.
ABDul Rehman | TradMod retweeted
WhiteHatMage @WhiteHatMage
If you're triaging bounty reports, I'd be wary of any PoC with runnable scripts.
ABDul Rehman | TradMod retweeted
GitHub @github
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
0xBugSlayer @xBugSlayer
Happy to announce that, as of today, I’m working as a Web3 Security Triager for @Nethermind.🚀 I’m incredibly hyped to join the team and dive into this new opportunity!🔥 You can still find me on the @HackenProof dashboard though!👀
ABDul Rehman | TradMod @TheTradMod
@PappaPug Many congrats man! Really well-deserved. I hope your indie dev dream also comes true soon!
Pappa Pug @PappaPug
LIFE UPDATE! I've been praying and looking for the right opportunity these last 6 months... And almost miraculously it appeared just two days ago, when I was invited to join a walk-in interview. It was a two-stage interview, and there were loads of people overflowing the lobby of the office. Out of the hundreds of nervous people there, I somehow felt strangely calm. And before long my name was called. Instead of going through the stages, I was brought straight to the final interview room to face the hiring manager. And praise God, I was accepted within that same interview. I was able to go home immediately. "See you Monday", they said. My name wasn't even on the list at first... I didn't know anything about the position or project when I walked in. But when I heard the hiring manager speak I knew it was the right project for me. Reconnecting with my hospitality roots with white glove service. I'm sure these next three months will be extremely interesting. Thank you Lord Jesus. 🕊️ Hallelujah.
Leuts.eth @A_Leutenegger
I look at the recent exploits as a massive opportunity. The industry is going to ZERO without a fix. In the last month we’ve launched:
1. Permissions audits and monitoring
2. Signer-as-a-service
3. A few new features for access-control (to be announced)
You as a project now have a choice. Spend more money on marketing or security. Choose your path to institutional adoption.
m4rio@m4rio_eth

To be honest, it is depressing what is happening right now. The past couple of months have been crazy. Too many hacks; it drains me mentally. Not sure how you guys cope, but I’m thinking about the amount of funds lost… this field is not going to recover anytime soon; it’s impossible. Everyone is scared right now to even get their honest 3%. I’m still here, helping as much as possible but man, it’s soo draining mentally.😢

Code4rena @code4rena
An important update from the C4 team. 🧵
unsafe_call @unsafe_call
Last week I parted ways with Immunefi. After more than four years, thousands of reports, and over a hundred million dollars in mediations, I’m taking a serious look at what comes next. I’m proud of the work I did there: representing Immunefi on the Arbitrum Security Council, high-impact triage under tight SLAs, technical dispute mediation, leading and judging attackathons including the Ethereum Foundation Attackathon, building internal tooling, and producing bugfix reviews, videos, and educational security content for the broader community. Some of that work was public. Much of it was quieter. Deeply grateful for the co-workers I got to meet around the world and the community I got to know through Immunefi. I’m now looking for security engineering roles where I can use my extensive experience in Web3 security alongside my software engineering background. DMs are open
ABDul Rehman | TradMod retweeted
Pablo Sabbatella @PabloSabbatella
🇰🇵 DPRK loves it when you:
- Save your seed phrase in a password manager.
- Use hot wallets instead of hardware wallets.
- Don't use antivirus, EDR or Lockdown mode in your devices.
- Download pirated stuff, install shady apps and play games in your work device.
- Accept calls from people without verifying them first.
- Use SMS for 2FA.
- Sync your passwords, google authenticator and passkeys to your Gmail account.
- Install lots of browser extensions.
- Don't update your Operating system and apps.
- Repeat passwords.
- Don't use a device exclusively for work.
- Don't verify what you are signing.
- Run npm install on a "coding challenge" from a recruiter you met on LinkedIn.
- Blindly add npm/PyPI packages without checking the publisher, download counts, or recent version history.
- Pin your dependencies to "latest" and hope for the best.
- Trust any GitHub repo with a slick README and a few stars.
- Reuse the same email for crypto, banking, and signing up to random newsletters.
- Click "Remind me later" on security updates for weeks.
- Disable Windows Defender because it "slows things down."
- Plug in random USB drives you found at conferences.
- Give every app full disk access without reading the prompt.
- Brag about your portfolio size on Twitter under your real name.
- Share your screen on Zoom with your main user logged in.
- Connect your wallet to every airdrop site that promises free tokens.
- Approve unlimited token spending so you "don't have to do it again."
- Keep your recovery codes in a screenshot in your camera roll.
- Trust a Telegram admin who DMs you first.
- Run unsigned binaries because "the SHA matches the website."
Let's grow up as an industry and start treating security seriously. STAY SAFE
Joe Suzuki @Cartwheel_Joe
I am excited to announce that I have joined @CertiK as a BDM. Why CertiK? CertiK is the biggest security auditor in Web3 security platform combining formal verification with audits and comprehensive security solutions. I've had the opportunity to meet @RonghuiGu and CertiK's leadership team, and I'm genuinely impressed by recent changes to prioritize transparency and supporting the Web3 and SR community. This is backed up by the release of their AI Auditor tool as well as continued hiring during the bear market. These efforts stand out among Web3 security firms. I am forever grateful for my time at Immunefi. I've been in crypto since 2014 and they were the first company to give me the opportunity to make an impact in the space. I wouldn't be where I am today without them. If anyone is looking for formal verification and audit services, please reach out. And if any SRs are interested in any opportunities here, reach out as well!
ABDul Rehman | TradMod retweeted
pashov @pashov
OG security contributor, anyone that's looking for something such as a "Security Lead" would be lucky to snatch this guy. Experience truly matters, especially in the stressful landscape of web3 security - and this guy has A TON of it. Good luck🫡
Adrian ⛩️ Hetman 🐺 | 📓+🖋️+☕️@adrianhetman

After almost five years, I'm no longer at @immunefi I built and led the Managed Triage Service from the ground up. Hired the team. Wrote the playbooks. Triaged thousands of vulnerability reports and helped mediate one of the largest payouts in the history of Web3 security, and plenty more behind closed doors. I'm proud of what we built and grateful to everyone I worked with. Now I'm looking for what's next. I'm looking for a leadership position in security. Joining an existing team, or building one from zero. Triage, bug bounties, Web3 security, or anything that helps secure a project or the wider org. I'm also open to consulting. Helping teams spin-up an internal security function, or advising on what a project actually needs, especially on the internal side. I know how to run triage that's operationally efficient and doesn't miss the false negatives that matter. If you're hiring or know someone who is, I'd like to hear from you. My DMs are open

ABDul Rehman | TradMod retweeted
ABDul Rehman | TradMod @TheTradMod
Speedran the Security Triager arc. No longer at @immunefi, but what a run it was. Triaged dozens of reports daily, contributed to high-stakes mediation cases, and conducted security reviews for production protocols with serious TVL on the line, and much more!! Grateful to the whole team, especially @adrianhetman. Learned a lot during this time. Now onto the next chapter. I’m open to roles in smart contract and blockchain security, especially where there’s real impact: audits, live systems, or high-stakes environments. Also open to independent work — audits, team audits, and bug bounty collaborations. If you’re building something meaningful or securing something valuable, my DMs are open 🫡