Article Hash (SHA 1): 63950885fa404927314d9862ec37f81d84e5fc75

Number: PandaLY Security Knowledge No.024

On August 23, 2024, the Federal Reserve released its expectations for a rate cut, triggering a wave of gains in the cryptocurrency market. Almost at the same time, in the early morning of August 24, the Ethereum Foundation transferred 35,000 ETH to the Kraken exchange. The transfer quickly attracted market attention and discussion, not only because of the amount of ETH involved, but also because the market has nicknamed the Ethereum Foundation the "Master of Escape".

Historical Records of "Escape Master"

The Ethereum Foundation’s history of “escaping the top” can be traced back through several major market fluctuations. On May 6 last year, the Foundation transferred 15,000 ETH to the Kraken exchange. Over the following 6 days, the price of ETH fell from US$2,006 to US$1,740, a drop of 13%. In the earlier bull market of 2021, the Foundation also sold near the highs twice:

May 17, 2021: The Ethereum Foundation sold 35,053 ETH at an average price of US$3,533. Then the market experienced the famous "5.19 crash", and the price of ETH almost halved to US$1,800.

November 11, 2021: The Foundation once again sold 20,000 ETH at an average price of $4,677, and the market then began to fall.

These well-timed sales have drawn the market's close attention to the Ethereum Foundation's selling strategy.

What is the truth?

Although the Ethereum Foundation's well-timed sales at several market highs are impressive, over a longer time frame the title of "top escape master" is not entirely accurate. According to data compiled by Wu Blockchain, the Foundation also missed subsequent huge gains when it sold on December 17, 2020 (100,000 ETH at a unit price of $657) and on March 12, 2021 (28,000 ETH at a unit price of $1,790).

Judging from the Ethereum Foundation's transfer records over the past year, it is not difficult to see that these operations are basically regular sales. It is unfair to call the Foundation a "master of escaping the top" just because it sold at a high price a few times.

The reason why the Ethereum Foundation sold ETH

Regarding the transfer of 35,000 ETH to the exchange, Aya Miyaguchi, executive director of the Ethereum Foundation, explained: "This is part of the Ethereum Foundation's fund management activities. The Ethereum Foundation has an annual budget of approximately US$100 million, which is mainly used for the payment of grants and salaries. Some recipients can only accept legal tender." She also mentioned that this ETH transfer does not mean a sale, and that it may be sold in stages in a planned manner in the future.

According to crypto analyst DefiIgnas, after transferring 35,000 ETH, the Ethereum Foundation currently still holds about 273,000 ETH, accounting for about 0.25% of the total supply of ETH. The funds are mainly used for global conferences (such as Devcon and Devconnect), online courses and innovation projects.

Market impact of sell-offs and directions for improvement

It is worth noting that since the listing of the Ethereum ETF on July 23, as of August 26, Grayscale's ETHE has had a cumulative net outflow of 799,000 ETH, with an average daily net outflow of 32,000 ETH. In comparison, the 35,000 ETH recently sold by the Ethereum Foundation is not particularly large.

In fact, it is understandable that the Ethereum Foundation sold ETH: the team's development and operations require financial support. Moreover, the 273,000 ETH held by the Foundation account for only 0.25% of the total supply. From the perspective of market capitalization, the Foundation's selling has little direct impact on market liquidity. The negative effects show up more in market sentiment, for example by causing ETH holders to lose confidence and sell as well.

In addition, the Ethereum Foundation has previously announced a $100 million budget, but the community's demand for regular disclosure of detailed financial information is growing. For example, the Foundation could consider regularly publishing detailed reports containing financial and basic updates, including team expenditures, the timing of selling ETH (which should fully consider how to reduce the impact on the market), how and where funds are used, team size and allocation, etc. These measures will help stabilize community sentiment and enhance ETH holders' understanding and support for the Foundation, thereby promoting the development of Ethereum.

The Ethereum Foundation’s Transparency and Security Challenge

Security and transparency have always been core challenges faced by major projects and institutions. The large-scale ETH sell-off by the Ethereum Foundation not only directly affects market price fluctuations, but also poses a severe test of how to effectively manage and protect large-scale digital assets.

Case study: Ethereum Foundation email hacked, no one harmed in the Lido staking scam

On June 23, 2024, the Ethereum Foundation's email server was hacked. The hackers launched a phishing scam impersonating Lido staking and sent fake emails to 35,794 users, claiming that the Ethereum Foundation had partnered with Lido DAO to offer 6.8% staking interest. Users who clicked the "Start Staking" button in the email were directed to a malicious website where their wallets could be emptied. The Ethereum Foundation nevertheless blocked the attacker in time and restored the compromised email account, and in the end no user lost funds.

This incident highlights that in the current Web3 environment, both project teams and users must strengthen their defenses against phishing and other security threats. The following are the main countermeasures for Web3 security:

  • Smart Contract Security — From Prevention to Response

Smart contracts are at the core of the Web3 world, and almost all decentralized applications (DApps) rely on the correct execution of smart contracts. However, vulnerabilities and errors in the design and implementation of smart contracts may lead to serious security incidents. For example, the DAO incident in 2016 was caused by the exploitation of a smart contract vulnerability, resulting in the theft of more than $60 million in Ethereum.

Safety precautions:

1. Comprehensive code review and security testing: The code of a smart contract must undergo multiple rounds of review and testing before release. This includes not only internal review by the project team but also independent assessment by external third-party security audit companies. Multi-level reviews maximize the chance of discovering potential vulnerabilities.

2. Use verified security libraries: When developing smart contracts, try to use widely verified open source security libraries. These libraries have been used and tested for a long time in the community and can reduce potential risks in the code.

3. Simulated attacks and stress testing: The project team should conduct simulated attack tests to discover in advance the attack methods that smart contracts may encounter in a real environment. Stress testing should also be used to understand how the contracts perform under high-concurrency transactions, to ensure that they still operate safely under extreme conditions.

Security response measures:

1. Quick response mechanism: Once a vulnerability is found in a smart contract, the project team should immediately initiate an emergency plan, freeze relevant contracts or take other response measures to prevent further losses.

2. Bug Bounty Program: Encourage the community and external security researchers to discover and report potential vulnerabilities and improve the overall security level through the Bug Bounty Program.

  • Transparency in fund management – enhancing trust and preventing internal risks

Fund management is another major security challenge faced by non-profit organizations such as the Ethereum Foundation. The centralized management of a large number of digital assets may become a target for attackers or lead to misuse of funds due to poor management.

Specific measures:

1. Multi-signature wallet: The foundation should use a multi-signature wallet to manage large amounts of funds. In this way, even if the private key of a single signer is stolen, the attacker cannot easily transfer funds and must obtain authorization from multiple signatures.

2. Decentralized storage and management: In order to reduce the risks brought by centralized management, funds can be stored in multiple addresses or accounts. The authority and scope of use of each account should be clearly defined to reduce the possibility of single point failure.

3. Real-time and transparent financial disclosure: Through the openness of blockchain technology, the foundation can disclose the flow of funds in real time on its official website or community platform to ensure that every transfer of funds is open and transparent. Through such openness and transparency, the foundation can not only prevent internal risks, but also enhance the community's trust in it.

  • Market operations and compliance – balancing market influence and legal requirements

Large transactions often have a huge impact on the market, especially in the cryptocurrency market where regulation is not yet fully clear. Large sales by foundations may cause market turmoil and even be regarded as market manipulation. Therefore, foundations need to be extra cautious when conducting market operations and ensure that their actions are compliant and legal.

Specific measures:

1. Gradual sales and market prediction model: When transferring or selling large amounts of assets, the foundation can adopt a gradual sales strategy to reduce the impact on market prices. At the same time, a market prediction model can be introduced to evaluate the potential impact of different sales plans on the market, so as to select the best plan.

2. Cooperation with regulatory agencies: The Foundation should proactively cooperate with regulatory agencies in various countries to ensure that its operations comply with local laws and regulations. At the same time, the Foundation should actively participate in industry self-regulatory organizations, promote the formulation of reasonable market operation guidelines, and maintain market fairness and stability.

3. Market forecast and information disclosure: Before conducting large-scale operations, the foundation can release a forecast to the community through official channels in advance, explaining the reasons and purposes of the operations. This can reduce market panic and avoid unnecessary fluctuations.

  • Education and community engagement – building safety awareness

In addition to technical and management-level security measures, education and community interaction are also important links to enhance overall security. The Foundation can use various methods to enhance the security awareness of developers and users and help them master basic security knowledge and operational skills.

Specific measures:

1. Organize security training and seminars: The foundation can regularly organize security training and seminars for developers and ordinary users to share the latest security threats and prevention techniques. This will not only improve the security awareness of participants, but also promote experience exchange and cooperation within the industry.

2. Release security guides and tools: The Foundation can write and publish security operation guides to help users avoid common security risks. At the same time, it can develop or recommend some security tools to help users better manage their digital assets.

3. Establish an emergency response community: The foundation can establish an emergency response team in the community to handle security incidents in a timely manner and provide assistance. This interaction can not only improve the efficiency of emergency response, but also enhance the cohesion and trust of the community.
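The phishing emails in the June 2024 case described earlier depended on a "Start Staking" button that led to a malicious site. As an added example (not part of the original article), the Python check below shows one thing a security tool of the kind mentioned above can do: extract every link from an HTML email and flag those whose target host is not on an allowlist. The allowlisted `.example` hosts and the sample message are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the organisation really links to (placeholder names).
ALLOWED = {"foundation.example", "staking.example"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_allowed(host, allowed=ALLOWED):
    # Exact match or true subdomain; bare endswith() would accept "evilstaking.example".
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in allowed)

def reason(href):
    """Return why a link target is untrusted, or None if it passes."""
    url = urlsplit(href)
    if url.scheme != "https":
        return "not https"
    if "@" in url.netloc:  # https://trusted@other-host/ shows a trusted name first
        return "userinfo in URL"
    if not host_allowed(url.hostname or ""):
        return "host not on allowlist"
    return None

def suspicious_links(html_body):
    """Return [(text, href, reason)] for links that should not be trusted."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(t, h, reason(h)) for h, t in parser.links if reason(h)]

# Constructed sample message, modelled on the case described in the article.
SAMPLE = """<p>Earn 6.8% staking interest.</p>
<a href="https://staking.example.rewards-portal.example/start">Start Staking</a>
<a href="https://staking.example@login.example/">Details</a>
<a href="https://docs.foundation.example/grants">Grants</a>"""
```

Calling `suspicious_links(SAMPLE)` flags the first two links and passes the third, because the check compares the parsed host rather than looking for a trusted name anywhere in the URL string.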

Conclusion

The Ethereum Foundation’s funding and transparency have long been a focus of community concern. Since 2015, the Foundation has allocated more than $170 million through multiple grant programs, supporting hundreds of projects. However, the community has increasingly demanded greater transparency in the Foundation’s finances, especially in light of the frequent and large-scale sales of ETH.

In the future, if the Ethereum Foundation can be more open about financial transparency, such as publishing financial reports regularly, explaining the specific details of fund use, and interacting and communicating with the community more frequently, it will help enhance the healthy development of the entire ecosystem and ensure that Ethereum continues to maintain its leading position in the blockchain field in the future. Through continuous research and development, community operations, and market education, the Foundation will be able to make greater contributions to the security and development of the Web3 world and further consolidate its important position in the industry.

Lianyuan Technology is a company focusing on blockchain security. Our core work includes blockchain security research, on-chain data analysis, and asset and contract vulnerability rescue. We have successfully recovered many stolen digital assets for individuals and institutions. At the same time, we are committed to providing industry organizations with project security analysis reports, on-chain traceability and technical consulting/support services.

Thank you for reading. We will continue to focus on and share blockchain security content.