This Cybersecurity Pro Gets Paid to Hack Ethereum – for the Good of the Network

A typical day for David Theodore, a security researcher at the Ethereum Foundation, often starts with him checking to see if there were any crashes on Ethereum, the world’s largest smart-contracts blockchain.

After that, he and his colleagues set about trying to break it themselves.

“Our goal is to break things hopefully before anyone else breaks them, so there's nothing else left to break,” Theodore told CoinDesk in an interview.

This article is featured in the latest issue of The Protocol, our weekly newsletter exploring the tech behind crypto, one block at a time. Sign up here to get it in your inbox every Wednesday.

Theodore, 33, is one of about 10 computer engineers and cybersecurity professionals on the Ethereum Foundation’s security research team, based on a slide presentation from June. They cast themselves as the ultimate maintainers – and guardians – of the fast-growing network, seen by some blockchain experts as the foundation of a future global, digital, and decentralized financial system.

The Ethereum Foundation, created by the blockchain’s famous founder, Vitalik Buterin, and set up to support development of the network, boasts a workforce of roughly 150 people, according to the slide presentation. Most of the focus is on constant programming upgrades, growth initiatives, sponsoring developer conferences and providing grants.

So this squad of security researchers represents just a sliver of the foundation’s overall operations. But in a crypto industry renowned for pushing out new protocols and applications that later prove vulnerable to expensive exploits, the team’s role could not be more crucial: Hackers are always looking for new points of attack, and a single slip-up could result in a devastating blow to a blockchain’s reputation as a safe place to transact.

The team members come from a wide array of backgrounds and specializations – many of them with computer science degrees, but experience in responding to exploits, attacking distributed systems and the applying cryptography.

One of the techniques that the security team deploys to protect the blockchain is “fuzzing,” a term borrowed from the software-development industry that’s become a common way of checking to make sure a system is secure and resilient.

Translated to the context of working on Ethereum, members of the security team feed invalid inputs into network nodes to reveal bugs or vulnerabilities in the software. The point of fuzzing is to see if there are any negative reactions to the system.

“We're always fuzzing. We have big supercomputers fuzzing all the time,” Theodore told CoinDesk. “They're fuzzing everything, while you work, while you sleep.”

In 24/7 crypto, a day in the life for Theodore always looks a little bit different.

“If you see panics or errors of any kind, anything that looks like there's failures," he says, "you go look at them and you say, ‘Is this a problem because of my fuzzer or is this a problem that an attacker could make the same problem?’”

Based in Austin, Texas, Theodore sometimes takes his office on the road – in an Airstream recreational vehicle with a dedicated office that allows him to keep fuzzing even when parked in remote locales.

The portable office fits two big monitors and connects to the outside world via Elon Musk’s Starlink satellite internet service. The space is big enough for two people and a dog to inhabit comfortably, Theodore says.

In late 2022, the Airstream served as his base, parked in Granby, Colorado, in the shadow of Rocky Mountain National Park, as Ethereum developers were pushing toward a milestone known as the “Merge” – when the project transitioned to a more energy-efficient “proof-of-stake” network from the “proof-of-work” system used by Bitcoin, the original blockchain.

“We were there for a month before the Merge,” Theodore recalled. It was a convenient location, since he could easily travel to Boulder, Colorado, to meet up with other Ethereum Foundation team members to witness the historic event.

Theodore studied electrical engineering at the University of Texas at Arlington, but after graduation, pivoted to a career in cybersecurity. He spent the early part of his career in the offensive cybersecurity unit at Raytheon, before eventually moving to data forensics firm SkySafe and then to tech giant Google in 2020.

He joined the Ethereum Foundation in 2021 after learning that the organization was forming a security team. Initially, his role was to research how to protect the blockchain during the transition to proof-of-stake.

Since then, the job has evolved to a broader mandate of maintaining the integrity of the network.

“They wanted to make a team that specializes in this kind of thing, the ins and outs of how nation states fund these cyber operations and how they go about them,” Theodore told CoinDesk. The foundation recruited members that could “apply that methodology here and stay a step ahead and try to make Ethereum robust.”

In June, Theodore delivered a presentation about the Ethereum Foundation security research team to a group of Austin crypto developers, listing responsibilities including “general hardfork security,” “beaconchain health,” bug bounty programs, “client security coordination,” and “client diversity advocacy.”

“Our team has found bugs in every CL and EL client and more,” according to one of the presentation slides. “CL” stands for Ethereum’s consensus layer, where validators of the blockchain are hosted and verified, and “EL” stands for the blockchain’s execution layer, where transactions are completed and the state of the blockchain is recorded and managed.

His job is quite untraditional compared to other cybersecurity officials, he says – partly because the organization adheres to a more horizontal management structure, and also because the job can be done from pretty much anywhere.

Ethereum, renowned for its “smart contracts” that allow for programmability and the hosting of decentralized applications, has expanded rapidly, especially now that it serves as the confirmation and settlement hub – the "layer 1" or "L1" – for an array of “layer-2” blockchains that work atop of it, such as Arbitrum, Optimism and the crypto exchange Coinbase’s new Base blockchain.

And as more value is accrued on the network, Theodore believes that the team’s security mandate will grow in importance.

The total market capitalization of Ethereum’s native ether (ETH) tokens currently stands at about $212 billion.

“I think we're critical,” Theodore shared. “The most that is synonymous with security, if you're talking about block space, is the Ethereum L1.”