The Red Guild is a public-goods security organization.
You decide if The Red Guild survives to continue producing independent top-quality security public goods for Ethereum.
The Ethereum Security Funding Round in giveth is live. Show your support here 👇
The QF prefix to the URL is important; you'll just be donating outside the campaign if not.
The Red Guild's impact
Since the beginning of 2023, The Red Guild has worked full-time on the safety of the Ethereum ecosystem through open research, free training, advisories, tooling, and education.
Our blog is our public record of periodic status updates, technical writeups, event reports, and shipped resources. Anyone can verify what we build and maintain. Today our work spans multiple active lines: crypto-focused cybersecurity training with The Phishing Dojo, contributing with SEAL (see Security Frameworks), security education and awareness, security research and advisories, and open-source tooling.
We don't focus just on smart contracts, because security threats go well beyond them. Collectively, our team:
- Stewards Damn Vulnerable DeFi as a forever-free training ground and keep turning it into workshops and walkthroughs.
- Created, along with Patrick Collins, the first free and most complete smart contract security course, which to this day is the most viewed and recommended by the community.
- Continue to develop The Phishing Dojo, a threat simulation platform to train you against phishing and scams through realistic scenarios, improving it through beta releases, new wallet-signing and email challenges, account management, and progress tracking.
- Lead SEAL’s Security Frameworks
- Publish technical advisories and research on off-chain and developer-security topics, with practical public resources such as DevSecOops, devcontainer research, devcontainer-wizard and now exploring with transient/ephermal VMs in a world where having a 0-day vulnerability has become cheaper.
- Do public-facing security research, investigations and guidance on Ethereum 7702 risks, malicious VSCode extensions, container escapes, npm supply-chain threats, "Why technical excellence fails" (whitehats not recognized as a critical infrastructure) and the One Time Pwnage / SLOVENLY COMET advisory on SMS interception attacks.
Beyond digital impact
Our impact isn't only digital. We have mentored, judged, organized, and taught across IRL events, including Devcon, Devconnect, DeFi Security Summit, ETHCC, Ethereum Argentina, Ethereum Uruguay, and pop-up cities like muBuenos and Aleph/Crecimiento.
- In Aleph, we organized the Security Day, a conference with original contents of its own, offered office-hours to startups, spoke about security as a public good, and hosted a Solidity & dApps week to onboard and improve builders skillsets.
- At Devconnect, even after organizational restrictions and a rejected grant, we run a security awareness campaign: security challenges, a new Phishing Dojo beta, a QR threat analyzer, a live threat dashboard, and 3,500 printed OPSEC-while-traveling books distributed across the week (we still continue to receive requests for more).
- At Ekoparty, the biggest security conference in Latin America, we were invited to organize the blockchain security village, in which we onboarded members of the WebtrES community, sponsoring the booth, supporting its contents and installation, promoting CTFs and talks, bringing young people into hands-on security learning.
- In Tandil, our public posts also show us organizing GEERS, a local web3 focused set of gatherings/conferences, helping energize local Ethereum community-building around Nodo Serrano.
We have also taken a key role in multiple Ethereum-centered activities, such as:
- Organizing the first edition of the Ethereum Rangers program to fund public good security initiatives.
- Being champions at the One-trillion-dollar initiative first gathering, coordinating the Offchain layer, presenting insights and creating a blog-post later used by ethereum.org’s 1TS official report.
What matters now is continuity
Our team ran out of funding on November 8, 2025.
We kept going anyway: building, publishing, running the Devconnect awareness campaign, showing up for talks and workshops, and taking on community work. Because our commitment is to the ecosystem, not to VCs pockets.
We have no paywalls, no token, no closed access, and no sales funnel. Our public goods do not make money, but still require time, infrastructure, maintenance, logistics, and sustained research.
This round is not about helping us start
It is about deciding whether the work The Red Guild has delivered, maintained, and used in public can continue to exist. People across the ecosystem keep saying The Red Guild’s work matters. This is when words can become concrete support.
Go all-in for The Red Guild here 👇