Author: Aerugo, Interim Co-Executive Director of the Ethereum Foundation
Compiled by: Guyu, ChainCatcher
1. Introduction
Vitalik recently wrote about the direction of the Ethereum Foundation (EF); Aya supplemented it with a note explaining how we got here and why. I'll write about the execution.
We now know clearly enough what the question "What is the EF for?" is to stop treating it as an open-ended one. Our mission is clear: The Ethereum Foundation exists to ensure that Ethereum is and will remain truly permissionless, sovereignty-preserving infrastructure: resistant to censorship (and data theft), free and open source, private, secure; and capable of supporting sovereignty-preserving coordination at scales where it previously was indispensable.
Below are some thoughts I have on a few implications of that mandate and how we translate it into action. But first, a brief recap...
2. What the EF is Not For
We are not here for EF relevance, corporate/political palatability, or ecosystem popularity. We are not here to please short-term speculators, to prop up new "too big to fail" systemically important financial institutions, to promote every application on Ethereum, to help anyone look good in front of their crypto or investing friends, or to provide on-demand entertainment for dinners and private gatherings.
3. What the EF Is For: Removing Vulnerabilities
We are here to harden the defenses where Ethereum is or could become extractive, totalizing, or susceptible to cartel or state control, or subject to the tools of surveillance or coercion of authoritarian regimes.
We will act based on a comprehensive look at Ethereum as it is and could be at the protocol layer (the "Ethereum" that actually runs), the access layer (the parts users use to interact with the protocol), the user layer (end users who need and will need Ethereum), and the institutional layer (the intermediate pathways that extend sovereign use).
The EF is meant to harden each of these layers, including those where Ethereum remains permissionless in form but could be captured in practice. Some obvious layers include the transaction pipeline, staking and network security, access layer standards and interfaces, sovereignty-preserving norms, privacy expectations, institutional adoption patterns, and social layer governance processes. The main question for each is largely the same: does the status quo and its future direction minimize trust dependencies, minimize exploitable vulnerabilities and control points, default to user privacy, preserve exit, and make trust assumptions legible?
This work starts with the EF itself. We are moving compensation and primary financial relationships to Ethereum (ETH) and compliant Ethereum-native stablecoins, except where law or unavoidable operational constraints require exceptions. This is not a mere ritual, nor a demand that people take on unmanaged personal risk, it is robustness, consistency, and product pressure.
If the EF's purpose is to enable Ethereum as sovereignty-preserving infrastructure, then everyone at the EF will increasingly be constrained by the system the EF is meant to improve: wallet UX, volatility, accounting, privacy leaks, payment friction, stablecoin trust assumptions, recovery, dependency risks, and more. If we can't use the tools ourselves, we have no business expecting others to. Ethereum is mature; anyone not dependent on the user-facing tech stack, at any layer, has no standing to attempt to shape its future.
Next, the transaction pipeline. Preventing harmful MEV from being extracted is Ethereum core work, not a secondary market structure problem. The supply, ordering, inclusion, block building, propagation, and settlement of transactions are all within Ethereum's neutrality boundary. Some MEV may persist as an adversarial phenomenon included in the protocol, but it must be minimized. To do that, we must guard against its beneficiaries gaining undue influence.
If credible-neutral execution is compromised by privileged order flow, monopolistic builders, trusted relays, opaque routing, or validators outsourcing to a narrow supply chain, Ethereum will feel intermediated as value moves, even if it looks permissionless on paper. Therefore, EF protocol work will focus on lowering barriers to block building and validation, strengthening inclusion guarantees, lowering extraction opacity, building competitive transaction pipelines, improving user understanding of trust assumptions, and more aggressively exploring open order flow solutions.
None of this is simple. An effective fix in one place may make a problem worse elsewhere. FOCIL is good for censorship resistance, but it may introduce more cross-block MEV. ePBS solves relay trust, but we must ensure its implementation does not inadvertently block longer-term solutions to bigger problems. For example, if ePBS consolidates the builder economy in a way that makes it harder to later reduce reliance on private order flow from depleted public mempools, that is unacceptable. Encrypted mempools might not only reduce pre-execution transparency and visibility into pending order flow, but could shift competitive advantage to new privileged actors, including specialized hardware operators in some designs, while increasing protocol complexity.
To avoid wasting time playing whack-a-mole, we must commit to solving the resource extraction problem holistically. That will take creativity, courage, and an understanding that failing to solve it is unacceptable. If we fail, we not only leave unnecessary friction in the path of institutional adoption, more importantly, we give up Ethereum's core promise — to replace predatory middlemen with permissionless, credibly neutral infrastructure and competitive markets. That must not happen.
MEV is likely the next major front in the cypherpunk war. We must be well-prepared to win here.
Privacy is essential. A public ledger without strong privacy defaults is a surveillance platform with settlement guarantees. This is not the end state for the world computer. Ethereum will provide unconditional privacy first, with programmability on top for selective disclosure, proofs, audits, compliance logic, reputation, governance, identity, and other constraints chosen by users and their communities. The sequence matters: unconditional privacy must come first, opt-in constraints follow.
It is also crucial to avoid forcing users to build a fragile combination of special wallets, RPCs, bridges, apps, compliance providers, and operational habits just to achieve privacy. Deep privacy must be safer than that. Privacy is necessary for Ethereum to survive as freedom-respecting coordination infrastructure, so it must be robust.
Staking must be treated as protocol infrastructure risk. Staking is not just a yield product, and liquid staking is not just an app-layer market. If staking, liquidity, validator access, DeFi collateral, and governance influence concentrate in a handful of issuers or operators, Ethereum's security layer becomes vulnerable to capture by the economic layers built around it. The EF will support research, specification, and design to ensure staking is permissionless, private where possible, diversified in operation, and prevents intermediaries from becoming permanent control points.
Access interfaces are where users touch the protocol directly or through intermediate defaults. The main question here is not how to get Ethereum accepted in more places, but how to make its users (end and institutional) more sovereign, less susceptible to coercion, and to avoid normalizing soft coercion as the price of access. The EF will not increase Ethereum's acceptability by watering down what makes it unique. Ethereum does not need to become another permissioned settlement backend with better branding. It needs to prove in production that sovereignty-preserving coordination at scale is viable.
In the EF's defensive work, the point is to ensure Ethereum infrastructure remains usable by users in scenarios of counterparty default, platform censorship, government overreach, intermediary misappropriation, and coordination problems too hard for trusted systems. The point is to ensure the infrastructure is secure at every layer against whatever attacks might exist.
4. The Other Thing the EF Is For: Seizing Opportunities
Hardening defenses is not enough. Ethereum's potential is not fully realized, but that doesn't mean the future is guaranteed. Opportunities must be seized when the time is right. A few opportunities are already in view:
* Ethereum will be the first quantum-resistant global infrastructure. Ethereum researchers will lead the migration to post-quantum cryptography before the threat is imminent, not after it becomes a governance crisis. That means hardening Ethereum's cryptographic foundations while there is still time to do it thoughtfully. The same goes for other long-term risks; waiting for market demand means missing the best time for principled design.
* A fully sovereign-verifiable protocol stack, end-to-end, local and remote, with no vulnerabilities to censorship or data extraction: browsers, wallets, intents, broadcast, order flow, inclusion, block building, proposing, attesting, exiting, and recovering. Minimal MEV, and none of the harmful MEV embedded inside or around the protocol. No execution layers that are permissionless in form but guarded by privileged supply chains. If there are channels that flow to extractive private channels, there are other options to keep the protocol running. The goal is not just to prevent extraction or capture, but to make credible-neutral execution competitive enough to attract serious users.
* Making Ethereum boring digital cash: a private, dignity-respecting, depreciation- and surveillance-resistant medium of exchange and store of value, and the natural asset for private computation and private coordination by humans and their agents. If Ethereum can enable private economic life and private institutional life without users going back through the friction and potential abuse of custodians, surveillance vendors, or permissioned ledgers with gentler branding, and provide a platform for a secure and competitive machine economy, it unlocks immense value.
* A personal wallet that users own and run on their own personal computers, with a user-owned AI agent inside. Keys not your own, tokens not your own; models not your own, your thoughts not your own. As agents become the interface for more economic and social activity, who owns the wallet, model, memory, policies, and signing authority stops being a UX detail and becomes a fundamental sovereignty question — we are all users first and everything else second, something everyone at the EF keeps in mind.
* In institutional and enterprise contexts, Ethereum wins not by disappearing into an invisible backend, guarded by middlemen, with bad UX, reduced to compliant fintech platforms with Web3 branding. We win by proving that credibly neutral infrastructure can handle disintermediated coordination in a highly competitive way, forcing trusted intermediaries to accept Ethereum on its terms.
* Sovereignty-preserving scaling. L2s and related infrastructure that meet institutional-grade demands without relying on closed operators, opaque processes, custodial UX, or upgrade committees users cannot truly exit. Scaling isn't just throughput, it's sovereignty-preserving usability under real load.
We are making sure Ethereum remains the most robust foundation for local and global settlement; more than that, a civilizational ledger and execution platform built to last. When future civilizations talk about the infrastructure they inherited from the information age ancients, Ethereum should be the example they point to first.
Ethereum will outlive us all. Many paying attention understand this. Many may not believe it, but it's true. If you don't believe or don't get it, we don't have time to try to convince you, sorry.
5. On Departures
Around and after the EF's new guidelines, there has been speculation online about departures. Some people resigned, some were let go. Reasons include strategy, role fit, normal institutional churn, and people simply feeling they could contribute to Ethereum better elsewhere. We won't discuss individual personnel matters on Twitter. That's our default, because it's better for the EF, for the people involved, and for Ethereum itself. Everyone who contributed to the EF should leave with respect. Their work history shouldn't become fodder for factional fights.
Where possible, as a courtesy not a concession, we allow people to describe their departure in their own words. If public statements seriously mislead about EF direction, decisions, or responsibilities, we may correct at the level of policy, process, and institution. But we will never air individual dossiers.
Ethereum is permissionless. People can disagree, criticize, compete, fork, and build elsewhere. We are committed to decent exits for the project, and hope others are too. We are grateful for everything contributors have built; we will keep moving forward with the work Ethereum needs.
6. On EF Spin-Offs
In the coming months, some work will no longer be done by the EF. We hope and expect this process will lead to productive work that expands sovereign learning to more places. But we must also be careful not to let it become a way to offload responsibility or excuse profligacy. Some work doesn't belong with the Foundation's purpose and shouldn't continue using EF funds or EF imprimatur, inside or outside the Foundation.
Spin-offs will vary. Some leave the EF because other bodies are a better fit; some because the market should determine their value; some because they conflict with the direction set in the charter; and some because they are useful, but not a good fit for EF work.
Just as a spin-off is not necessarily good because it reduces EF headcount, having been part of the EF does not confer a right to EF funding. In deciding whether to fund, the question we ask is not "is this money from the EF?", but the same questions all external funding should ask:
"Is this work essential? If the EF had sufficient organization and resources, would it do this work itself? Is there a better alternative? Can an external body do it without increasing risks of capture, privatized gains, opacity, or dependency? Can supporting this work reduce Ethereum's dependence on the EF over time, without prematurely transferring resources and legitimacy to a new organization that might fail operationally or mission-wise?"
EF funding for external work can be appropriate when it's a capacity solution for mandated work — work the EF should responsibly want done; work that protects the crop; work that advances and expands sovereignty; essential work that no other actor could or would do reliably without EF funding; and work that can be scoped, reviewed, and held accountable without creating permanent dependencies.
It is inappropriate if the funding is to kick a can down the road, to maintain friendships, to burnish reputation, to avoid making hard decisions, or to support work at odds with the project's aims.
The EF's funds, legitimacy, and mandate are all limited. We will take all three seriously, and make sure they do the work they're meant to do. When we say "the EF is one of many nodes", we mean we are committed to being one of many nodes preserving sovereignty and its extension, and working to ensure CROPS is first among indispensable peers in the network. It doesn't mean we'll support organizations or projects with different priorities. Diversity that increases ecosystem resilience, reasonably bounded coordination costs, and better decisions is good; diversity that leads to mission drift is not.
We are not neutral on Ethereum's direction. CROP is not just something we "believe in", it's something we know must be taken seriously and prioritized in every Ethereum fork for Ethereum to reach its full potential. We are committed to building a system of extraordinary neutrality that will fundamentally reshape the world we live in; we want to work with everyone committed to that same goal.
