TheDAO Security Fund

TheDAO Security Fund is a 2026 revival of unclaimed funds from the 2016 DAO hack, repurposed as a permanent, community-governed security endowment for the Ethereum ecosystem. (→ [[ethdenver]])

Background: The 2016 DAO Story

  • 2016: TheDAO raised $150M (~14% of all ETH in existence; 12M ETH at $12.50)
  • Hacked; Ethereum hard fork rescued ~97% of funds — DAO token holders received 1 ETH per 100 DAO tokens
  • The remaining 3% (edge cases): ETH unclaimed by holders who lost their keys, plus “extra balance” contributions from people who paid more than the standard rate
  • Griff Green led the recovery of this 3% and the white hat rescue of an additional portion
  • A parallel chain (Ethereum Classic) preserved the hack; ETC was also recovered and distributed

Result: ~99.3% of the post-fork ETH was claimed. The ~0.7% unclaimed (plus accrued staking/ETC) now represents $150M+ in legacy contracts, with the broader DAO contracts holding $300M+ total.

Why Now (2026)

Three triggers forced action:

  1. Security risk of inaction: $300M sitting in contracts written when Solidity was months old, controlled by six signing keys that have been public knowledge for 10 years, and managed by volunteers keeping keystore JSON files on personal computers. Not a professional security setup
  2. Balancer hack (November 2025): AI-assisted black hats exploiting old contract code showed that the threat is real and accelerating
  3. PC from SEAL 911 reached out to Fade (Wintermute), who brought in Griff Green, catalyzing the decision to act

The Solution: Stake and Fund

Rather than distribute the remaining unclaimed ETH, the curators decided to:

  1. Stake the ETH → generate staking rewards
  2. Use yields to professionally secure the contracts and fund Ethereum security initiatives
  3. Keep withdrawal contracts open forever so any remaining rightful claimants can still access their funds

Core principle: “Do nothing” was actually the riskiest choice at $300M managed by volunteers with decade-old key material.

Governance Structure

Curators (Multisig)

Vitalik Buterin, Taylor Monahan, Jordi Baylina, PC (SEAL 911), ABSA, Griff Green, Lansky — seven high-profile Ethereum security figures.

Round Operators

  • Apply to run funding rounds (futarchy, quadratic funding, deep funding, etc.)
  • Curators select: scope of round, budget, which operator
  • Rounds planned quarterly

Security Badges (Announced at ETHDenver)

200 NFTs — one per top Ethereum security researcher — functioning as a one-person-one-vote governance token:

  • Not tradeable (soulbound intent)
  • Enables domain experts to decide fund allocation, not token holders
  • 200 deliberately sits just above Dunbar’s number (150), so that participation stays meaningful
  • Doubles as a credential: equivalent to “top 200 Ethereum security researchers” label
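One way to enforce the two properties above on chain, as an added example that is not the Fund’s own contract and not code from the talk: a badge that can be minted and revoked by the curators but never transferred, plus a tally that counts one vote per badge-holding address. Contract names, the 200 cap, the curator multisig as owner, and the revocation path are all assumptions made for illustration; the code assumes OpenZeppelin Contracts v5.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v5.x (the _update hook signature below is v5-specific).
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Hypothetical soulbound badge: at most 200 exist, one per address, none transferable.
/// The owner (assumed to be the curator multisig) mints and can revoke a badge.
contract SecurityBadge is ERC721, Ownable {
    uint256 public constant MAX_SUPPLY = 200;
    uint256 public totalMinted; // also serves as the next tokenId

    error BadgeIsSoulbound();
    error OneBadgePerPerson();
    error SupplyExhausted();

    constructor(address curators) ERC721("Security Badge", "BADGE") Ownable(curators) {}

    function mint(address researcher) external onlyOwner {
        if (totalMinted >= MAX_SUPPLY) revert SupplyExhausted();
        if (balanceOf(researcher) != 0) revert OneBadgePerPerson();
        totalMinted += 1;
        _safeMint(researcher, totalMinted);
    }

    /// Revocation path: a holder later shown to be a bad actor loses the badge and the vote with it.
    function revoke(uint256 tokenId) external onlyOwner {
        _burn(tokenId);
    }

    /// OZ v5 routes mint, transfer and burn through _update. A mint has from == 0 and a burn has
    /// to == 0; anything else is a transfer, which a soulbound token rejects. Approvals still
    /// succeed but can never be exercised, so marketplaces cannot trade the badge either.
    function _update(address to, uint256 tokenId, address auth) internal override returns (address) {
        address from = _ownerOf(tokenId);
        if (from != address(0) && to != address(0)) revert BadgeIsSoulbound();
        return super._update(to, tokenId, auth);
    }
}

/// One-person-one-vote tally. Because badges cannot move, "one address holding a badge" is
/// "one person", and a vote cannot be bought by buying the token.
contract BadgeVote {
    SecurityBadge public immutable badge;

    struct Proposal {
        uint64 deadline;
        uint64 yes;
        uint64 no;
        mapping(address => bool) voted;
    }
    Proposal[] private proposals;

    error NotABadgeHolder();
    error AlreadyVoted();
    error VotingClosed();

    event Voted(uint256 indexed proposalId, address indexed voter, bool support);

    constructor(SecurityBadge _badge) {
        badge = _badge;
    }

    function propose(uint64 votingPeriod) external returns (uint256 id) {
        if (badge.balanceOf(msg.sender) == 0) revert NotABadgeHolder();
        id = proposals.length;
        proposals.push();
        proposals[id].deadline = uint64(block.timestamp) + votingPeriod;
    }

    function vote(uint256 id, bool support) external {
        Proposal storage p = proposals[id];
        if (block.timestamp > p.deadline) revert VotingClosed();
        if (badge.balanceOf(msg.sender) == 0) revert NotABadgeHolder();
        if (p.voted[msg.sender]) revert AlreadyVoted();
        p.voted[msg.sender] = true;
        if (support) p.yes += 1;
        else p.no += 1;
        emit Voted(id, msg.sender, support);
    }

    function tally(uint256 id) external view returns (uint64 yes, uint64 no) {
        Proposal storage p = proposals[id];
        return (p.yes, p.no);
    }
}
```

The badge check happens at vote time, so a badge revoked mid-vote still counts for that proposal; a variant that re-checks holders when the proposal closes would drop them, at the cost of storing the voter list.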

Eligibility Criteria

The Ethereum Foundation collaborates on the eligibility criteria for grant recipients. This is the “crux of decentralized distribution”: keep bad actors out, so that every allocation destination is a good one.

What Gets Funded

Security in Ethereum is broader than smart contract audits:

  • Smart contract audits
  • Wallet UX security
  • Threat monitoring systems
  • Operational security (OPSEC)
  • White hat infrastructure
  • Anti-phishing and anti-scam tooling

First donation: both the DAO Security Fund and the Ethereum Foundation donated to SEAL 911 — the on-call incident response service that any hacked user can reach via the SEAL 911 bot. SEAL 911 has no reliable revenue stream (victims rarely tip after being rescued), making it an ideal target for sustained public-goods funding.

Bottom-Up vs. Top-Down

The Fund positions itself as complementary, not competing, with the Ethereum Foundation:

                    DAO Security Fund                   Ethereum Foundation
  Style             Bottom-up, community-governed       Top-down, expert-selected
  Focus             Security specifically               Broad protocol R&D
  Decision process  Round operators + domain experts    Internal grants team
  Capital source    Staking yield on legacy DAO ETH     EF reserves

The Broader Argument

“If we fix security, we can make Ethereum the financial backbone of society.” — Griff Green, ETHDenver 2026

The argument: every DeFi user knows someone who has been phished, hacked, or lost funds to a scam; normies don’t have those problems with their bank accounts. Security is the gap preventing Ethereum from becoming a genuine financial alternative.

Connections

Open Questions

  • Will the 200 security badge NFTs create sufficient legitimacy without devolving into credentialism or clique dynamics?
  • How does the Fund handle a situation where a grantee is later found to be a bad actor?
  • Can quarterly rounds keep pace with the speed of attack vectors in 2026?
  • Is $150M–300M sufficient for the scope of Ethereum security needs, or does this need to be supplemented by protocol-level funding?