2PC agent wallets with verified human-in-the-loop: support human.tech in TheDAO Security QF Round

May 7, 2026

TL;DR

  • TheDAO Security Fund's QF round on Giveth is funding Ethereum security work the rest of the ecosystem builds on. Round closes May 14.

  • Wallet security has shifted: AI agents now hold keys and sign transactions, with no native cryptographic guarantee that a real human authorized the action.

  • WaaP (2PC wallet) and Human Passport (proof of personhood) close that gap — at the wallet layer and the identity layer.

  • In quadratic funding, small donations from many donors move the matching pool more than a few large ones. Even $1 counts.

  • Donate or boost on Giveth →

Security is a common problem

Ethereum security is everyone's problem and nobody's budget line. VCs fund distribution, foundations fund coordination, protocol teams fund what ships. The work in between (adversarial testing of wallet stacks, public audits, open bug bounties, the research the rest of the ecosystem builds on) gets done by whoever cares to do it without a clear payback. That gap is what TheDAO Security Fund exists to address. The QF round on Giveth runs through May 14.

Wallet security is one of the round's named focus areas, and it has shifted ground in the past two years. Smart contract bugs, key theft, and phishing are still very much alive: in April 2026 alone, $642 million was drained in crypto exploits, the largest monthly total of the year so far. What is new is the layer above them: AI agents holding keys, signing transactions, and allocating capital onchain at a scale that wasn't possible before. The agentic AI market is projected to grow from roughly $7 billion in 2025 to $93 billion by 2032 (MarketsandMarkets). Traditional markets are deep into the same transition – around 70% of US equity trading is now algorithmic (IMF, GFSR Oct 2024) – and Coinbase's Brian Armstrong expects agents will soon outnumber humans in onchain transactions. The question this raises is whether there is any cryptographic guarantee that a real human ever authorized the transaction the agent just signed.

Regulators are starting to formalize the same question: the EU AI Act's Article 14 begins requiring effective human oversight of high-risk AI systems on August 2, 2026.

The DAO hack: the lesson we keep relearning

The DAO hack is remembered as a smart contract bug. In June 2016, a reentrancy vulnerability let an attacker drain $60 million out of a smart contract that worked exactly as written.

The harder lesson is that nobody watching the drain had any cryptographic authority to halt the execution. The chain forked because that was the only authority anyone could find: humans reasserting what the protocol couldn't.

A decade later, smart contract security has matured as a discipline: audits, formal verification, bug bounties, layered review, fuzzing, and onchain monitoring. The contract layer is more defensible now than it has ever been. But the underlying assumption that produced The DAO hack (code holding authority without an accountable human in the loop) has been quietly inherited by every system built on top of it.

How AI agents inherit the wallet authority gap

That inheritance has a new home: agents.

AI agents hold keys, sign transactions, and allocate capital. They are not bound by audited smart contracts; they are bound by prompts, system messages, tool definitions, and whatever scaffolding a developer wired up between an LLM and a wallet. Often, that scaffolding was written by agents themselves.

What the agent has, in effect, is policy with a wallet attached.

An agent with a private key is a delegation of authority that has no native cryptographic proof that a human ever authorized it. On Ethereum, a signature is a signature. The chain doesn't know whether the human is asleep, whether the agent has been jailbroken, whether the prompt was injected through a poisoned web page, or whether the developer correctly enforced their own rules. Whatever security model the developer has in mind is enforced procedurally inside the agent's runtime, not cryptographically by the chain.

The 4am problem

Picture an agent rebalancing a portfolio overnight. It sees a high-yield vault flash on a feed. The vault is a known drain. The agent doesn't know that. Its training cutoff was six months ago, and the threat intel didn't make it into the prompt. It has the key. It has the gas. It signs.

There's nobody watching. There's nothing to stop it. When you wake up, the funds are gone.

This is the same shape of failure The DAO exposed in 2016: code that holds authority without anyone able to stop it once the call has been made. The difference is scale. One contract drained one pool then; hundreds of thousands of agents now make autonomous decisions across major chains.

TheDAO Security Fund: from 2016 hack to Ethereum security endowment

TheDAO Security Fund reactivated 75,000+ ETH from the original 2016 recovery and turned it into a long-term endowment for Ethereum security. The staked principal generates roughly $8 million a year in yield, distributed through quadratic funding on Giveth.

The curators: Vitalik Buterin (Ethereum Foundation), Taylor Monahan (MetaMask), Griff Green (Giveth), pcaversaccio (SEAL 911), Alex Van de Sande (ENS), Jordi Baylina (ZisK), Pol Lanski (DappNode). Several of them lived through the original hack, while others have spent the decade since working on wallet, identity, and incident-response surfaces the ecosystem now leans on.

The ETH that drained in 2016 is now funding the work to keep the next decade from rhyming with the last one. The first round on Giveth allocates a 500 ETH matching pool across projects working on wallet security, incident response, user protection, core protocol security, and the L2 ecosystem; most of them are building for an environment where the actors making decisions onchain are increasingly not human.

WaaP (Wallet as a Protocol) and Human Passport: cryptographic human authority for agent wallets

human.tech is in this round because the missing primitive is cryptographic human authority over autonomous systems: authority the chain itself can verify, rather than policy enforced inside an agent's runtime.

WaaP is built on two-party computation. The private key, in practice, doesn't exist anywhere whole. It is split into two shares: one on the user's device, one in a TEE or (soon) onchain through Ika for censorship resistance. Every signature requires both parties. An agent can hold a share, but it cannot move funds alone. When an action falls outside the scope a human pre-approved (spend caps, contract allowlists, time-bounded privileges), the human gets a one-tap approve or deny over Telegram, email, SMS, or hardware wallet.

The cryptographic split is load-bearing. Spend caps, contract allowlists, and time-bounded privileges stack above it as configurable policy that the user can loosen; the two-share signature requirement is not configurable at all.
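To make the split concrete, here is an added toy example; it is not WaaP's code, and nothing on this page describes WaaP's internals at this level. It does two-of-two Schnorr signing over a small constructed safe-prime group (far too small for real use; production wallets use secp256k1 or Ed25519 with a full MPC protocol including nonce commitments), and stacks a hypothetical co-signer policy of spend cap, contract allowlist and expiry on top. The `Policy` and `TxRequest` types, the `auto`/`human` decisions and the group parameters are all assumptions for illustration.

```python
"""Toy two-party (2-of-2) Schnorr signing with a co-signer policy gate.

Added illustration, not WaaP's code. The group is a tiny safe-prime group so
the arithmetic is readable; real wallets use secp256k1/Ed25519 with a proper
MPC protocol (nonce commitments, proofs of share knowledge, and so on)."""
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy parameters: P = 2Q + 1 is a safe prime, G = 2^2 generates the
# order-Q subgroup. Far too small for security; fine for showing the mechanics.
P, Q, G = 2039, 1019, 4


def challenge(r_joint: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || m) mod Q."""
    data = r_joint.to_bytes(2, "big") + b"|" + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


@dataclass
class Share:
    x: int  # private key share; never leaves its holder
    y: int  # public share G^x, exchanged once at setup


def keygen() -> tuple[Share, Share, int]:
    """Each party samples its own share; the full key x1 + x2 is never assembled."""
    x1 = secrets.randbelow(Q - 1) + 1
    x2 = secrets.randbelow(Q - 1) + 1
    s1, s2 = Share(x1, pow(G, x1, P)), Share(x2, pow(G, x2, P))
    joint_pubkey = s1.y * s2.y % P  # equals G^(x1 + x2)
    return s1, s2, joint_pubkey


def nonce() -> tuple[int, int]:
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)


def partial_sign(share: Share, k: int, r_joint: int, msg: bytes) -> int:
    """s_i = k_i + e * x_i; the two partial signatures add up to the full Schnorr s."""
    return (k + challenge(r_joint, msg) * share.x) % Q


def verify(pubkey: int, msg: bytes, sig: tuple[int, int]) -> bool:
    r, s = sig
    return pow(G, s, P) == r * pow(pubkey, challenge(r, msg), P) % P


# ---- policy layer: stacked above the split, never a replacement for it ----

@dataclass(frozen=True)
class Policy:
    spend_cap_wei: int
    allowlist: frozenset[str]   # lower-cased contract addresses (hypothetical)
    valid_until: int            # unix seconds; the privilege lapses after this


@dataclass(frozen=True)
class TxRequest:
    to: str
    value_wei: int
    ts: int

    def encode(self) -> bytes:
        return f"{self.to.lower()}|{self.value_wei}|{self.ts}".encode()


def cosigner_decision(policy: Policy, tx: TxRequest) -> str:
    """What the co-signer does with an agent's request: 'auto' or 'human'."""
    if tx.ts > policy.valid_until:
        return "human"  # time-bounded privilege has expired
    if tx.to.lower() not in policy.allowlist:
        return "human"  # contract is not on the allowlist
    if tx.value_wei > policy.spend_cap_wei:
        return "human"  # over the spend cap
    return "auto"


def sign_request(agent: Share, cosigner: Share, pubkey: int, policy: Policy,
                 tx: TxRequest, human_approved: bool = False):
    """Returns (decision, signature). The co-signer contributes its partial
    signature only when policy allows it or a human explicitly approved."""
    decision = cosigner_decision(policy, tx)
    if decision == "human" and not human_approved:
        return decision, None
    msg = tx.encode()
    k1, r1 = nonce()
    k2, r2 = nonce()
    r_joint = r1 * r2 % P  # simplification: real protocols commit to nonces first
    s1 = partial_sign(agent, k1, r_joint, msg)
    s2 = partial_sign(cosigner, k2, r_joint, msg)
    sig = (r_joint, (s1 + s2) % Q)
    assert verify(pubkey, msg, sig)
    return decision, sig


def agent_alone(agent: Share, pubkey: int, tx: TxRequest) -> bool:
    """The agent tries to sign with only its own share; verification fails
    (except with probability 1/Q in this toy group, when the challenge is 0)."""
    msg = tx.encode()
    k1, r1 = nonce()
    s1 = partial_sign(agent, k1, r1, msg)
    return verify(pubkey, msg, (r1, s1))
```

The property worth noticing is which knob is which: loosening `Policy` only changes whether the co-signer contributes automatically or waits for a human, while the requirement that both partial signatures be present is fixed by the algebra of `verify`, not by configuration.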

The architecture has been independently audited four times: Cure53, Hexens, Least Authority, Halborn. This round funds the next steps:

  • adversarial testing on the privilege engine,

  • audits of the new onchain security share components,

  • an open bug bounty, and

  • security research that lives in the commons.

While WaaP enforces what an agent is allowed to do, Human Passport verifies whether a real human ever asked it to. Over 2.3 million Passports created, 44 million credentials issued, $512 million in capital protected from Sybil attacks. Proof of personhood is what makes the rest of the math sound, and it is what gates this round, so the matching pool only counts donations from people, not farms.

The infrastructure work behind both products (the audits, adversarial testing, open security research) is what this round funds at the next phase.

How quadratic funding multiplies small donations

This is a quadratic funding round. Breadth of donors moves the matching pool more than the size of any single donation. One hundred people contributing $1 each generate more matching than one person contributing $100. That is why the round is gated by Passport scoring at all: the math only works if the donors are real humans.

The round closes May 14. Donate or boost on Giveth.

Meme by Human Passport encouraging Ethereum Security QF round donations

FAQ

What is TheDAO Security Fund?

A long-term endowment for Ethereum security, capitalized by 75,000+ ETH from the unclaimed funds of the 2016 DAO hack recovery. The staked principal generates roughly $8M/year in yield, distributed through quadratic funding rounds on Giveth and other mechanisms. Curated by Vitalik Buterin (Ethereum Foundation), Taylor Monahan (MetaMask), Griff Green (Giveth), pcaversaccio (SEAL 911), Alex Van de Sande (ENS), Jordi Baylina (ZisK), and Pol Lanski (DappNode).

When does the current QF round close?

May 14, 2026. Donate or boost on Giveth.

What is a 2PC wallet?

A wallet built on two-party computation, where the private key is split into two shares — one held by the user, one by a co-signer (a TEE, an onchain protocol like Ika, or a designated party). Every signature requires both parties. Neither side can move funds alone. WaaP is built this way.

Why does proof of personhood matter for AI agents?

An onchain signature carries no native proof that a real, unique human authorized it. Proof of personhood (what Passport provides) verifies that the human approving an agent's action is a real, unique person, not a sybil, bot, or farmed identity. Without it, agent authorization is procedural rather than cryptographic — the same gap The DAO hack exposed.

How does WaaP relate to the EU AI Act's Article 14?

Article 14 requires high-risk AI systems to be designed for effective human oversight: a person must be able to intervene, override, or halt automated action. WaaP enforces that property cryptographically rather than procedurally — the math of the two-share signature requirement makes human authorization a precondition for any onchain action, not a hopeful runtime check. Article 14 begins applying broadly on August 2, 2026.

How does quadratic funding work in this round?

Breadth of donors moves the matching pool more than donation size. One hundred people contributing $1 each generate more matching than one person contributing $100. The round is gated by Passport scoring (or an ETHSecurity badge) so that only verified humans count — the math of QF only works if donors are real people, not farms.
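As an added worked example for this answer and for the "How quadratic funding multiplies small donations" section above (not Giveth's matching code; Giveth's exact scaling, caps and rounding may differ), this allocates a matching pool with the standard CLR formula, where each project's signal is (sum of square roots of per-donor totals)^2 minus the sum, and only donors who pass a verification check feed that signal. The `is_verified` predicate and the donor and project names are constructed for the example. It goes beyond the single comparison in the text by handling any set of projects and showing why the personhood gate changes the outcome.

```python
"""Quadratic funding (CLR) allocation with proof-of-personhood gating.

Added example, not Giveth's matching implementation (scaling, caps and
rounding there may differ). Per-donor totals are aggregated first, so a donor
who gives $0.50 twice contributes one sqrt(1.0), not two sqrt(0.5)."""
from collections import defaultdict
from math import sqrt
from typing import Callable, Iterable

Donation = tuple[str, str, float]  # (donor_id, project, amount in USD)


def qf_signal(per_donor: dict[str, float]) -> float:
    """CLR matching signal for one project: (sum of sqrt(c_j))^2 - sum(c_j).

    A single donor always yields 0 (sqrt(c)^2 - c). n donors giving c each
    yield n^2 * c - n * c, which is what 'breadth beats size' means."""
    root_sum = sum(sqrt(c) for c in per_donor.values())
    return root_sum * root_sum - sum(per_donor.values())


def allocate(pool: float, donations: Iterable[Donation],
             is_verified: Callable[[str], bool]) -> dict[str, dict[str, float]]:
    """Split `pool` across projects in proportion to their CLR signal.

    Every donation reaches its project directly; only donations from donors
    that pass `is_verified` (the Passport-style gate) enter the signal."""
    direct: dict[str, float] = defaultdict(float)
    verified: dict[str, dict[str, float]] = defaultdict(lambda: defaultdict(float))
    for donor, project, amount in donations:
        if amount <= 0:
            raise ValueError(f"non-positive donation from {donor}")
        direct[project] += amount
        if is_verified(donor):
            verified[project][donor] += amount
    signals = {p: qf_signal(d) for p, d in verified.items()}
    total_signal = sum(signals.values())
    return {
        p: {
            "direct": direct[p],
            "match": pool * signals.get(p, 0.0) / total_signal if total_signal else 0.0,
        }
        for p in direct
    }


def breadth_vs_size(pool: float = 1000.0) -> dict[str, dict[str, float]]:
    """The comparison from the text: 100 x $1 against 1 x $100 (constructed data)."""
    many = [(f"donor{i}", "wallet-audit", 1.0) for i in range(100)]
    one = [("whale", "other-project", 100.0)]
    return allocate(pool, many + one, is_verified=lambda donor: True)


def farmed_breadth(pool: float = 1000.0, gated: bool = True) -> dict[str, dict[str, float]]:
    """One donor split across 100 farmed identities (constructed). Ungated, the
    fake breadth scores like real breadth; gated on verified personhood it scores 0."""
    real = [(f"donor{i}", "wallet-audit", 1.0) for i in range(100)]
    farm = [(f"farm{i}", "other-project", 1.0) for i in range(100)]
    verified = (lambda d: not d.startswith("farm")) if gated else (lambda d: True)
    return allocate(pool, real + farm, verified)
```

With a $1000 pool, `breadth_vs_size()` sends the whole pool to the project with 100 one-dollar donors and nothing to the project with one $100 donor, which is the arithmetic behind "breadth beats size". `farmed_breadth()` shows the other half of the page's argument: without the gate the farmed project takes half the pool, with it the farm contributes to the project's direct total but nothing to matching.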
