TheDAO Fund finished announcing the 200 holders of the ETHSecurity Badge today. Pablo Sabbatella, founder of Opsek, is one of them.
The badges are TheDAO Fund's mechanism for deciding how its security endowment gets allocated. Two hundred practitioners, selected over several batches against a public rubric, vote on which projects, teams, and tools receive funding. It's the closest thing Ethereum has produced to a credentialed electorate for security spending.
What the rubric actually selects for
TheDAO Fund could have made the badges a smart-contract-audit credential — that's how "Ethereum security" has been understood for most of the last cycle. Instead, the published rubric names a much wider field: auditors and white hats, but also formal verification specialists, zk researchers, standards contributors, AI security people, web2 security veterans, and operational security practitioners. That breadth is a position. TheDAO Fund is saying Ethereum security in 2026 is a layered problem no single discipline covers, and that allocation should be decided by people who collectively understand all of it.
Where opsec fits
The losses crypto has taken in the last two years have come overwhelmingly from outside the contract: phishing campaigns sophisticated enough to fool security professionals, North Korean operators landing engineering roles through fake CVs, SIM swaps that turn a phone number into root access, malicious dependencies in dev pipelines. None of that gets caught by a Solidity review.
Operational security is the discipline that addresses this surface: how founders, teams, and treasuries actually operate day-to-day. The rubric putting opsec on the same line as formal verification and zk research is the moment that work gets recognized as peer infrastructure, not adjacent service work. That's the part of today's announcement that matters to us.
What 200 badge holders actually do
Each holder receives two NFTs: a public badge that grants access to a coordination chatroom, and a separate Voting NFT held in a private address so holders can vote on proposals without social pressure.
The composition of the electorate shapes what gets funded. An electorate of smart contract auditors would predictably fund more auditing. This one, including opsec practitioners, web2 security veterans, standards people, and incident responders, will weight differently. We expect funding to flow toward work that doesn't have a clear revenue model: defensive tooling for individual founders, training infrastructure for protocol teams, response capability for the long tail of smaller projects. That shift is overdue.
What comes next
The badge is a vote. It gives its holder a say in which security work TheDAO Fund's grants support, including the operational and human-factor work that has been chronically under-resourced relative to smart contract auditing. That opsec now has representation in that electorate is the part worth marking.
If you do meaningful work in Ethereum security and didn't apply in time, the badge holder set is now closed at 200, but TheDAO Fund's grant rounds will be open to applicants well beyond the electorate. We're glad to have a seat at the table.